Organisations convinced they have been the victims of state-sponsored cyberattacks may want to take a deep breath and look at their employees first, one security expert has advised during his address at the AusCERT 2013 security conference.
Australian ISPs and universities are sending more than 10,000 emails a day to warn customers their systems appear to be infected by malware – but as few as one in five is ever read by its recipient, statistics from the Australian Communications and Media Authority’s (ACMA’s) Australian Internet Security Initiative (AISI) show.
Brazilian hackers on the hunt for banking credentials are now targeting Bitcoin owners with a trick that sends victims to a phishing page when they enter the correct URL for Mt Gox, the online exchange that claims to account for 80 per cent of all Bitcoin trade.
Months on from the government’s bold PR initiative in which it said it would spend $1.46 billion on IT security, the release of the 2013-14 federal budget has shown little additional financial support for this and other cyber security initiatives.
Cloud, mobility and bring-your-own-device (BYOD) computing are providing so many new potential ingress points to your network that it’s getting near impossible to keep up. The solution, as David Braue finds, lies in reconsidering your exposure, revisiting your IAM strategy – and picking your battles carefully.
Just a few short years ago, all a PC needed for protection was a basic antivirus program to guard against any malware that arrived via an e-mail attachment, embedded in a shareware application or piggy-backed on a floppy disk.
Prime Minister Julia Gillard was on hand in Sydney this week to launch a new cyber education module called bCyberwise. Developed by Life Education and McAfee, the program is designed to teach primary school students about online dangers such as becoming `friends' with strangers and cyber bullying. The program will be rolled out to Australian schools from 4 February.
Social engineers, or "human hackers", have been duping victims from the very beginning of human existence. Here are nine infamous con artists who made history with their scams and schemes.
These days barely a day goes by where there isn’t some sort of network security breach or hack or malfunction of some sort. This year too we had the rise of groups such as Anonymous and Lulz that sought out attention for their activities. Here we take a look at the year in pictures of some of the key security problems that grabbed our attention.
Hackers, Matrix, Swordfish, Sneakers, Cypher - what's your favourite?
Websense 'Security Pros and Cons' survey of 1,000 IT managers confirms that data breaches are widespread. Here's a look at how organizations are responding.
Perhaps it was an omen of what was to come when the city of San Francisco on New Year's Eve 2010 couldn't get a backup system running in its Emergency Operations Center because no one knew the password.
'Tis the season to begin ramping up online shopping activity, and for retailers that means doing all they can to ensure their websites are up, highly available and able to handle peak capacity. Looming in many IT managers' minds is the cautionary tale of Target, whose website crashed twice after it was inundated by an unprecedented number of online shoppers when the retailer began selling clothing and accessories from high-end Italian fashion company Missoni.
No company wants to be associated with a data breach, but if your systems are compromised the fallout can sometimes be more damaging than the act itself.
Stealthy, sometime long-term cyber-espionage attacks to steal sensitive proprietary information -- what some now call "advanced persistent threats" (APT) -- have become a top worry for businesses.
This is a real issue, and not just one for the well publicised attacks on major corporations such as Sony, Lockheed, Google, and Citi. It affects every business and organisation, large and small. More worrying still, it is now widely suggested that hackers and espionage organisations are moving away from directly attacking their target company, choosing instead to route their attack through suppliers to their target. Thus, even small and seemingly innocuous “third party” businesses who would not consider themselves as potential targets are now on the front line of this cyber war.
Cyber security is the double edged sword of modern business. Because the Internet is an evolving technology that carries enormous potential and vulnerability, cyber security embraces questions of internet freedom, network architecture and the economic potential of cyberspace
Cyber security remains one of the most dynamic fields within the technology industry. Because of the financial and political impact of cybercrime, attackers are continuously looking to innovate and outsmart security vendors and consulting companies. As a result, the IT community is perpetually engaged in a contest of strategy to combat new cyber threats. These are some of the top security threats we can expect to see developing over the next year, including top tips to combat these dangers.
Mainstream Australian media sites now regularly mention hacking incidents carried out by the hacktivist group 'Anonymous'. The group recently defaced several prominent Australian websites, and has now also claimed to have stolen user credentials and contact information from Pizza Hut Australia.
The answer to this question is simple: no. With the developments in social media and two-way communication channels such as Twitter, Facebook and YouTube, it has made social privacy somewhat non-existent.
The malware BKDR_ADDNEW, better known as 'DaRK DDoSseR' in the underground, is a tool that provides distributed denial of service (DDOS) capability combined with password stealing functionality. The tool costs $30 and has been available for several years.
Sign up now »
Use Splunk to search, alert and report in real time on any user, network, system or application activity, configuration changes, and other IT data from one place.
- FTFlash / ActionScript Developer - ContractNSW
- FTQuality ManagerSA
- FTSenior Python DeveloperNSW
- FTTest EngineerVIC
- FTJob Title: Mac Systems/ Enterprise Systems EngineerNZ
- FTLead Software EngineerSA
- FTSenior Python Web Applications DeveloperNSW
- FTR&D EngineerSA
- FTTest Analyst (MS Environment) .netNSW
- FT.NET - Sitecore Developer - Melbourne - PermNSW
- FTTest Analyst (MS Environment) .netNSW
- FTOS Web Applications DeveloperNSW
- FTSenior Python DeveloperNSW
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.