In today's digital age, cyber-attacks have become an unfortunate reality for businesses and individuals alike. The aftermath of a cyber-attack can be devastating, resulting in financial loss, reputational damage, and legal liability. Cyber insurance has emerged as a vital component...
Background The Log4Shell critical vulnerability in the widely used logging tool Log4j has caused concern beyond the cyber security community. This is because Log4j - rather than being a single piece of software - is a software component that’s used by millions of computers worldwide running online services....
Background Apache Log4j2 is a ubiquitous library used by millions for Java applications; the library is part of the Apache Software Foundation’s Apache Logging Services project. The vulnerability CVE-2021-44228, disclosed on December 9, 2021, allows for remote code execution against...
Background BlackMatter is a new ransomware threat discovered at the end of July 2021. BlackMatter is ransomware-as-a-service (Raas) tool that allows the ransomware's developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims. This malware started...
Background The Microsoft Threat Intelligence Center (MSTIC) has released information on the uncovering of a widespread malicious email campaign undertaken by the activity group that Microsoft tracks as NOBELIUM. Nobelium, which operates from Russia, is the name given to the threat actor behind...
The Cybersecurity and Information Security Agency (CISA) has released a mapping analysis of 44 of its Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2019 to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. CISA has identified...
Bank robbers don’t need balaclavas and shotguns anymore; they just need computers and stable networks! This is what the revelations of 36 significant data breach notifications from the boards of financial services firms in just four months give substance to....
It seems like there is a steady stream of news regarding data breaches and cyber-attacks in Australia. While most of these infringements impact smaller businesses, occasionally there are “major” security issues that affect big organizations and a large number of...
According to studies, almost 90% of Australian companies report that they receive around 5,000 cyber menaces a day. Australia’s banks and insurers have always been the most attractive targets for cybercriminals. As this is the case, the Australian Prudential Regulation...
The ongoing incompetency to progress with significant knowledge of purpose or necessity in the face of digital threats posed by cybercriminals and hackers puts critical national infrastructure at unnecessary risk from cyber attacks. These increasing number of cyber attacks in...