Anti-spam organisation hit by colossal cyber attack

Reports are emerging this week of a massive Distributed Denial of Service (DDoS) attack which some experts are calling the biggest cyberattack in the history of the internet.

The attack was targeted at anti-spam organisation Spamhaus, and may have been executed by users angry at having been placed on the company's 'blacklist' of IP addresses and computers which have distributed spam in the past.

Continue reading

Ethical hacking provides comprehensive vulnerability management

There are many different ways in which a cybercriminal might look to gain access to a secure server or database, which is why comprehensive vulnerability management requires a multifaceted approach.

It's true that penetration testing evaluations and security audit assessments are a great way to determine whether there are any particular backdoors or exploits that a cybercriminal might choose to target when attacking your enterprise

Continue reading

“The faster I type my password, the more secret-agenty I feel”

Jacqui Henderson

Our new password cracking service…

Securus Global recently implemented a new offline password cracking service that allows us to identify which user accounts have easily ‘crackable’ or guessed passwords. Identifying these accounts is key to an organization’s security, as accounts with weak passwords are an easy way for an attacker to gain a foothold into an organisation’s network. This capability has long been available to malicious hackers, and is now available to our customers as well.

Popular weak passwords:

For an attacker, one of the most trivial ways to get into user accounts is to attempt to log in with known usernames, using easily-guessed passwords, either manually or using an automated “brute-force” password guessing tool. User accounts with weak passwords make this process significantly easier for an attacker.

            Here are the top 25 worst passwords of 2012 (from Tech Time*) Continue reading

UK invests in cyber security Academic Research Institute

The UK Government Communications Headquarters has announced the introduction of a new cyber security Academic Research Institute, set to open for business in April of this year.

The institute is the second of its kind in the UK, with the first having been in operation since September 2012, and has been funded by a £4.5 million (AUS $6.53 million) government grant.

Continue reading

PCI SSC announces first Asia-Pacific PCI Community Meeting

The Payment Card Industry Security Standards Council (PCI SSC) has announced that it will be hosting the first ever Asia-Pacific PCI Community Meeting in November 2013.

In the past meetings such as this have been held in North America and Europe, however the PCI SSC has decided to include the Asia-Pacific in this year's rotation following a successful PCI town hall style meeting which was held in Singapore in June 2012.

Continue reading

ASIC make ePayments safer with new code

Most retailers in Australia will already be familiar with the Payment Card Industry Data Security Standards (PCI DSS) – the best practice guidelines which govern the safe processing and storage of consumer credit and debit card information.

However organisations which accept electronic payments have a new set of best practice regulations to learn this month, following the arrival of the new ePayments Code.

Continue reading

Three reasons why your organisation should consider a security audit

A security audit evaluation is a great way for your organisation to determine any areas where it might potentially be vulnerable to a cyberattack.

Of course, as with any investment, many businesses will look to weigh up the opportunity cost of taking this measure well in advance of contacting a security auditing service.

Continue reading

New report highlights value of penetration testing, PCI DSS compliance

A new report into Queensland's online service delivery has called on the state's public service sector to improve overall vulnerability management, in order to mitigate the risk of an internet security attack.

According to the Queensland Audit Office (QUA), people are now expecting the same speed, security and responsiveness from public sector online services as they are getting from those services provided by the private sector.

Continue reading

$40,000 awarded in ethical hacking competition

A cybersecurity expert has been awarded a $40,000 cash reward for discovering a partial exploit in the Google Chrome web browser.

In a blog post published March 18, Google Chromium chief reward officer Chris Evans confirmed that a man going by the alias Pinkie Pie had received the prize for his participation in a recent ethical hacking competition hosted by Google.

Continue reading

Computer hacker sentenced to 41 months in prison

Noted computer hacker Andrew Auernheimer – AKA Weev – has been sentenced to 41 months in prison for his part in a high profile cybersecurity incident which occurred in mid-2010.

27-year-old Auernheimer was found guilty in November 2011 for hacking into the servers of telecommunications company AT&T and gaining access to the personal data of around 114,000 iPad users.

Continue reading