Multi-factor authentication (“MFA”) is a technology which has seen widespread adoption across numerous platforms such as Facebook, Google and various Microsoft services. It requires users to have two or more factors prior to access being granted to their account. This is typically implemented through something known to the user, i.e. a password, and something they […]
The first step in any effective cyber security framework it taking ownership of the framework, this can begin with a company board, collective business groups, teams or even an individual, but without that committed undertaking of responsibility and the shared awareness of its applicability and awareness throughout your organisation how can the plan thrive? Effective […]
We don’t need to look very far to learn that security management is a pretty big deal, if your organisation is in the position where you know you need to make changes, starting by understanding at what stage is your organisation and clarifying what your organisations security posture is? Do you know how to do all […]
Threats from modern cyber attacks are becoming bigger than any IT department or Help desk in any organisation around the globe. The internalisation of the management and accountability of a security incident is becoming an unattainable business function. The market is seeing a growing need to externalise the cost of an incident. With businesses better […]
What’s the risk? Meltdown and Spectre are two vulnerabilities which have been gaining substantial media attention over recent months. These vulnerabilities reside in the hardware of modern CPUs. These hardware vulnerabilities allow programs and applications to steal data currently being processed on the computer including that of privileged applications. This data may include system passwords, […]
What’s the risk? An unauthenticated Remote Code Execution/Denial of Service vulnerability has been identified as affecting the WebVPN component of various Cisco ASA services. This vulnerability presents a significant risk to an organisation’s Confidentiality, Integrity and Availability as it may allow an external attacker to remotely compromise an organisation’s VPN gateway. How might you be […]
In this instalment of ‘Talking Cyber Security’ Phil Kernick and David Simpson discuss how organisations should be looking at their business and what considerations they should be making, including looking at their past, present and future Cyber Security strategy in-line with their business. With no regulations set around software, it’s development, function, use and it’s […]
Uber have recently released details of a large-scale data breach identified to have occurred in October 2016. As with all companies of this size, Uber was legally required to report the hack to regulators and users affected by the breach. However, the decision was made to pay off the hackers (~$132,000 AUD) for the deletion […]
The Australian Government is among a small collection of companies who have fallen victim to the insecure storage practices of a third-party contractor, leading to the exposure of emails, passwords, credit card details and other personal information of nearly 50,000 Australian staff. Organisations caught up in this breach include UGL Limited, AMP Limited and Rabobank, […]