Cyber Security

A high percentage of discovered bugs remain unremediated for a long time, a new study shows.   Chances are high that almost every single application an organisation uses has at least one security vulnerability in it.   Contrast Security recently analysed telemetry gathered between June 2019 and May 2020 from applications in development, testing, and operations at customer locations. The exercise found 96% of applications contained at least one...

Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI) that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers.   The twin reports, courtesy of cybersecurity firms Synacktiv and GRIMM, found that DJI's Go 4 Android app not only asks...

A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older.   By the way, if someone is still using Windows 7, they deserve to get hacked, including many organisations without extended support, because it's only a matter of time before they'll be a victim of...

Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers.   The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers take complete control of the targeted systems, eventually gaining surveillance over the application...

The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.   A new buzzword invading the marketing materials of cybersecurity vendors is Secure Access Service Edge (SASE). The term, coined by Gartner, refers to a technology trend in support of cloud-based applications and remote working, in which networking and security functionality converge...

The advent of the Covid-19 pandemic and the impact on our society has resulted in many dramatic changes to how people are traveling, interacting with each other, and collaborating at work.   There are several trends taking place as a consequence of the outbreak, which has only continued to heighten the need for the tightest possible cybersecurity.   Tools for Collaboration   There has been a massive spike in the adoption...

Joint Statement   Australian Department of Foreign Affairs and Trade   Australian Cyber Security Centre   As Australians and the international community band together to respond to COVID-19, the Australian Government is concerned that malicious cyber actors are seeking to exploit the pandemic for their own gain.   Of particular concern are reports that malicious cyber actors are seeking to damage or impair the operation of hospitals, medical services and facilities, and crisis...

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe.   The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence" based on the history of compromised victims—spread via an initial dropper that masks itself as a visa application, the Global Research...

DigitalOcean, one of the biggest modern web hosting platforms, was recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorised third parties.   Though the hosting company has not yet publicly released a statement, it has started warning affected customers of the scope of the breach via an email.   According to the breach notification email that affected customers [1,...

The money companies are spending on cybersecurity tools doesn't necessarily result in better security, a new survey shows.   Organisations of all sizes are under near-constant attack from cybercriminals — that we know. And of course they must defend themselves against attacks. But there are some huge questions about just how effective their ability to do so is. A new report by Mandiant Security Validation aims to...
