News
Layered defenses largely fail to block exploits, says NSS
Research lab finds a mix of products from different vendors is best for 'defense in depth'
Researchers warn of increased Zeus malware activity this year
The amount of cybercriminal activity associated with the Zeus family of financial Trojan programs has increased during the past few months, according to security researchers from antivirus vendor Trend Micro.
AusCERT 2013: Four dissenters to spur next year's security debates
Dissent is always more enjoyable than conformity. Not only does it make a better story for a journalist, it occasionally forces people to think.
AusCERT 2013: Kill the password, says Mozilla
Mozilla Persona had one of its first Australian conference outings at AusCERT 2013, with a tutorial on the architecture of the identity project from New Zealand-based Francois Marier, a software engineer on the project.
AusCERT 2013: Unmanaged, unknown privileged logins opening the door for APTs: Cyber-Ark
Many companies find out the hard way that poorly managed distribution of sensitive access credentials is helping advanced persistent threats (APTs) scour networks for privileged-user credentials, Cyber-Ark’s Asia-Pacific vice president Dan Dinnar has warned.
AusCERT 2013: Companies unaware of IPv6 security risk even if they’re not using it
Software vendors’ proactive approach to IPv6 has created a glaring security hole for companies that think they haven’t activated the next-generation Internet addressing protocol yet, Cisco Systems consulting security engineer Stefan Avgoustakis has warned.
Researchers find unusual malware targeting Tibetan users in cyberespionage operation
Security researchers from antivirus vendor ESET discovered a piece of cyberespionage malware targeting Tibetan activists that uses unusual techniques to evade detection and achieve persistence on infected systems.
Google's latest Penguin update lets you squeal on spammy websites -- as well as anyone else
The latest version of Google's sophisticated anti-spam algorithm, dubbed Penguin 2.0, was announced yesterday in an official blog post from the company's well-known webspam czar, Mike Cutts.
In pictures: AusCERT 2013 roundup
Vendors and delegates were out in force for AusCERT 2013 on the Gold Coast. Here's a roundup of some of the action.
In pictures: AusCERT 2013 gala awards night
The annual AusCERT gala awards night kicked off with fireworks as the organisation celebrated its 20th birthday. Guests enjoyed entertainment from comedian Adam Spencer while taking the chance to network.
AusCERT 2013: International cyberwar response more complex than geopolitical treaties: NATO CCD COE analyst
They may not be able to call on real-world cooperation and defence agreements to build their cyberspace defences yet, but government security organisations may find value in emulating Estonia’s experience building a voluntary ‘cyber corps’ of security professionals available in times of need, NATO CCD COE (Cyber Defence Centre of Excellence) analyst Anna-Maria Talihärm has advised.
AusCERT 2013: Deploying BYOD in a government environment
Strong executive desire to use iPhones led the Department of Sustainability, Environment, Water, Population and Communities to start looking for solutions that would separate government from personal information.
AusCERT 2013: 'Hacktivism' may have passed its prime, but it still left its mark
Get used to hacktivism, because we're stuck with it – but whether it fits the media image of “Anonymous”, or how long Anonymous as it first emerged will continue, is a different question. That's the message from Forbes' Parmy Olson, author of We Are Anonymous: Inside the Hacker World of Anonymous, LulzSec and the Global Cyber Insurgency, speaking to AusCERT 2013.
AusCERT 2013: Visibility critical when selling IT security to execs, says Foxtel CSO
Hard-to-find security skills and the rapid pace of malware evolution make a strong relationship with a managed security services (MSS) provider as important as maintaining the internal tools to keep business executives apprised of IT-security risk, Foxtel information security manager Kevin Shaw has advised.
AusCERT 2013: Interview with Dr Lizzie Coles-Kemp
Dr Lizzie Coles-Kemp is a senior lecturer in the Information Security Group, Royal Holloway University of London. She is keenly interested in how social behaviours influence our attitudes to security. For example, in communities where Internet accounts need to be shared between family members, the security professional's assumption that one account and password identifies one person is undermined. CSO spoke to Dr Coles-Kemp about the nexus between social behaviours and information security.
AusCERT 2013: Packetloop looks at the half-life of security information
Data is at its most valuable just after it's created, and vulnerability data in particular has a short half-life, says Packetloop's Michael Baker.
AusCERT organisation celebrates 20 years
Fireworks lit up the sky as the AusCERT organisation kicked off its 20th birthday to coincide with the annual awards night.
Google to lengthen SSL encryption keys from August
Google plans to upgrade the security of its SSL (Secure Sockets Layer) certificates, an important component of secure communications.
Microsoft brushes off claim Xbox Live accounts were compromised
Microsoft brushed off a dubious hacker's claim on Thursday that he stole 47 million account credentials for Microsoft's Xbox Live gaming service.
Could the Bitcoin network be used as an ultrasecure notary service?
Manuel Araoz, a 23-year-old developer in Argentina, has an idea for Bitcoin that doesn't focus on money.
1. Dell targets ANZ security opportunities as SecureWorks debuts locally
2. AusCERT 2013: Cloud-based scanner identifies new malware by its ancestry
3. AusCERT 2013: Users, cats more likely hack culprits than cyber-espionage: Trustwave
4. ACMA database keeps finger on Australia’s malware pulse
5. Lethal medical device hack taken to next level
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.









