November 2019

Australian organisations are struggling to defend against cyber threats according to a recent study.   A total of 209 Australian CISOs responded to the annual Cisco Asia Pacific CISO Benchmark Study on the cyber security landscape with 65 per cent saying they are suffering from cyber security fatigue or are receiving so many daily threats they have given up proactively defending against them.   Australian organisations are receiving a...

Read More

If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorised attackers to hack your website server remotely.   The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could be exploited easily as a proof-of-concept (PoC) exploit...

Read More

CVE-2017-11882 has been attackers' favorite malware delivery mechanism throughout the second and third quarters of 2019.   The third quarter of 2019 brought the rise of keylogger Agent Tesla, the decline of phishing-delivered ransomware-as-a-service (RaaS), and attackers' continued preference for exploiting the CVE-2017-11882 Microsoft Office vulnerability to deliver phishing campaigns.   Emotet began to surge toward the end of last quarter, according to Cofense's Q3 2019 Malware Trends Report,...

Read More

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is investigating a widespread malware campaign known as Emotet. Emotet is a Trojan virus delivered via emails sent with malicious attachments. Cyber criminals use malware for different reasons, most commonly to steal personal or valuable information from which they can profit, hold recipients to ransom or install damaging programs onto devices without your knowledge. Email users should always exercise...

Read More