The SolarWinds attack, and all its ramifications, have made news headlines for months. Tim Brown, the company’s CISO and VP of Security, spoke exclusively to iTWire to lay out what really happened - and what did not happen. It is also a sobering reminder that software development practices can never be the same again.
On the 25th of January, ten days after ASIC became aware of a cyber security incident affecting a server used by ASIC, the world was notified of the ASIC hack attack.
Security firm CrowdStrike is touting for more business, beyond its base in the US. That's probably why the company has put out a mid-year threat report which mostly contains details of tactics, techniques and procedures.
The Australian National University has released a report about the attack on its network which was announced in June 2019, providing a detailed timeline but no attribution for the hack or a possible reason as to why it was undertaken.
Australian intelligence officials have concluded that the breach of the Federal Parliament network in February was carried out by China, but have kept it quiet to avoid any problems in the bilateral trade relationship, a report claims.
A recent, sophisticated attack on the popular Binance cryptocurrency trading platform saw users’ accounts compromised and simultaneous withdrawals made to the tune of 7000 Bitcoins (worth $40m at the time).
When news of the breach of the Federal Parliament network broke on Friday, the Australian Signals Directorate was quick to point out that attribution, if it was made, would take time.
Firmware and hardware security firm Eclypsium (recently funded by Andreessen Horowitz and others) has released new findings, demonstrating that BMC (baseboard management controllers) vulnerabilities can actually be exploited to "brick" servers, rendering entire data centres and cloud applications completely useless.
The head of the Australian Cyber Security Centre, Alastair MacGibbon, says it is impossible to say where the breach of systems at the Australian National University originated.
Cloud endpoint protection provider CrowdStrike has released research revealing a threat spends an average of 86 days in a corporate network before it is detected, despite needing under two hours to move laterally to other systems on the network.
The latest round of "Russia hacked the DNC" claims has arrived in the form of a jailed Russian who claims to have left proof on the Democrat National Committee's server that he was behind the hack, which, he claims, was done at the behest of Russia's FSB.
No matter the protections you have in place, the last defence for cyber security rests with the end user. How do you educate in a respectful, engaging way? I tried out Phriendly Phishing, built on this very premise, finding it reduced my risk and exposure to phishing and that my users enjoyed the process.
Travel industry software booking engine Sabre has disclosed what may be a massive breach of payment and customer data. Sabre is used by more than 36,000 hotels and accommodation providers.
A hacker known as “the darkoverlord” has accessed most of the new season five of Netflix’s Orange Is the New Black and posted it on the torrent site The Pirate Bay.
A massive 10,613 sites on the dark web have been taken down by a group affiliated with Anonymous. It claims that child pornography comprised more than half the data stored in the websites, along with details of nearly 381,000 users.
Hacked Internet of Things (IoT) devices are powering massive botnets and cybercriminals are offering DDoS attacks as a service. A total of 900,000 ZyXEL routers took down Deutsche Telekom users last week.
A YouTube video has apparently deceived more than a few iPhone 7 owners into drilling holes in their devices, in a bid to create a headphone jack.
It has long been said that Instagram accounts could be hacked in 120 seconds. There are various websites offering Instagram password generators where all you need is a user’s account name or email address.
Yahoo says it is “aware” that a stolen database was advertised on the dark web, but it would not confirm or deny that the records were real.
On a scale of one to 10, the 2012 LinkedIn breach of 6.5 million user credentials rated, say, a five. But what if the real number of affected users was 167,370,910, including the email and banking details of more than 117 million users? That is a 10 out of 10!