A long life with ISO 27001!

Happiness and a long life with ISO 27001! “Data is the new oil!” The phrase was famously uttered by British mathematician Clive Humby nearly 20 years ago, but it’s often used today, out of its original context, to convey the idea that data is valuable in its own right. The reality of course […]

TPSP AOCs save you money!

TPSPs score goals and save money! Protecting sensitive information has become a vital aspect of running any business, and one area that requires a high level of vigilance is payment security, especially for businesses that handle credit card (also known as cardholder) data. These businesses must adhere to the Payment Card Industry Data Security Standard […]

SharpC2 in the real world

Introduction to SharpC2 SharpC2 is an open-source (.NET based) command-and-control framework developed by RastaMouse. The main component of SharpC2 is the TeamServer (and related .NET rich client) which is responsible for both generating implants (called drones in SharpC2 parlance) as well as communicating with said implants when they are deployed to the target. SharpC2 contains […]

DotSec’s AOC saves you money!

DotSec’s AOC saves you money! DotSec provides managed SIEM services to customers in a range of industries but as described in cyber security standards such as APRA’s CPS 234 and the Payment Card Industry Data Security Standard (or PCI DSS), cyber-security service providers are increasingly on the hook when it comes to the certification and […]

Happy memories of an old hack

The good old (Internet banking Hack) days! So a long time ago (25 years ago actually!) in a research centre not so far away, I helped to write a paper that described an old Internet banking hack, outlined how the authentication systems that were used by browser-based internet banking applications could be bypassed and presented […]

Hey nice business!

It’d be a shame if something happened to it! In the real, physical world, extortion is a real problem and across the world, certain gangs and organisations see extortion as a legitimate way to earn real money, even apparently in the nuclear power industry! [10] The Internet is of course similar in many ways to the […]

Relax! it’s not my first time!

Oh for heaven’s sake! Can we all agree that the Optus event doesn’t really matter? I mean, it really does matter, of course! But still, it kinda feels like deja view all over again [1] and I can’t help but think I should relax! It’s not my first time! Once upon a time… [2] Five years […]

Penetration testing over two years

Some penetration testing stats It was the great Gordon Ramsay who said, “I don’t like looking back. I’m always constantly looking forward. I’m not the one to sort of sit and cry over spilt milk. I’m too busy looking for the next cow.” But still, it can’t hurt to keep track of how the cow-hunting […]

Cyber insurance: A risky business

Cyber insurance. A risky business! As the frequency of cyber attacks increases and incident recovery becomes more expensive, it is important for businesses to have cyber insurance to reduce the potential losses associated with such events. In fact, such coverage is something we expect will become mandatory for all kinds of contracts and agreements in […]

It’s in the trees! It’s coming!

It’s in the trees! It’s coming! * Since March, we’ve been very busy providing incident-response and recovery services for organisations that have fallen victim to cyber crime. During that time, we have observed: Similarities in the security services, infrastructure and practices that were in place before the target organisations were compromised. Similarities in tactics and […]