Advice on Spectre and Meltdown vulnerability Updated 11/01/2018
We are aware of, and are closely following, the hardware vulnerability released today that affects current and legacy CPU platforms in both desktop and server environments. We are currently assessing courses of action for our IaaS services and will provide updates to affected customers as soon as more information becomes available.
As a general advisory ...
Actions on Wi-Fi “Krack” attack dated 17/10/2017
As many of you are aware, a vulnerability in the WPA2 protocol has been discovered, as per the detail here.
How bad is the problem?
The vulnerability can impact any device that uses WPA2 to connect to a Wi-Fi network.
Patches are not yet available from all vendors (see below).
A malicious actor could inject malicious data into unencrypted HTTP ...
Action on WannaCry ransomware outbreak
You may be aware of the outbreak over the weekend of ransomware that is a Cryptolocker variant. This particular attack has a weaponised payload which has the potential to affect a far wider scope than the initial infected host.
The malware also attempts to access the IPC$ shares and SMB resources the victim’s system has access ...
Assets and how they relate to Risk Management
Assets
Last time we talked about the benefits of an ISMS. The cornerstones of an ISMS are knowing what your assets are and then conducting Risk Management processes based on the value of those assets versus the value of the control against a likelihood and consequence matrix.
Firstly, what do we mean by some of these things? ...
ISMS. Tick box or powerful tool, your choice.
ISMS – Information Security Management System, what’s it mean to you?
Our people have consulted on ISMS development for some time. Recently we’ve had staff certified as PECB ISO/IEC 27001 lead implementers. For many, policy sounds pretty dry. Policy, Standards and Procedure is the stuff someone else usually does, or the stuff we’ve had for years ...
Talking Passwords and Entropy
This month we are talking passwords,
Password strength is a measure of the effectiveness of a password in resisting guessing, brute force cracking, dictionary attacks or other common methods. Usually strength can be measured by how many trials an attacker who does not have direct access to the password would need, on average, to guess it ...
Education, your most powerful defence
Anatomy of a social attack
You may have seen the article recently where a Brisbane council was defrauded of significant amounts of money by scammers. While investigations are ongoing, this appears to be primarily a social engineering attack similar to several that we have provided advice on in South Australia over the last few months.
Like the ...
Cryptolocker and the ASD top 4 and 35
Crypto “levels up”
In recent developments of Cryptolocker variants, the added element of “scareware” has been introduced. Trading on the success of the “Jigsaw” character in the horror genre of movies, users are extorted more money as minutes pass and even more if the machine is re-booted. This added element of social engineering the user is ...