Entries by Shearwater

October 2016 Internet Security Report

Joomla takes the cake for most serious exploits doing the rounds this month, with a combination of account creation and privilege escalation vulnerabilities proving an easy way to take complete control of various versions of Joomla. The diagnosis is grim for anyone who was not paying enough attention to patch within 24 hours as mass […]

September 2016 Internet Security Report

September 2016 successfully delivered an eventful month for cyber security with a handful of threats, breaches and interesting developments in the security of Internet of Things devices. A Denial of Service attack on the website of investigative journalist Brian Kerbs was found to be largely comprised of compromised Internet of Things devices.  Ransomware continued to […]

August 2016 Internet Security Report

August 2016 was an overall interesting month for cyber security with the annual conferences taking place in America, the Census providing some interesting lessons learnt and discussion; and the Olympics creating an interesting platform for malicious actors. In addition to this, the industry as a whole experienced a diverse range of new threats, breaches and […]

NSW Government announces first eight fintech startups entering Tel Aviv landing pad

The NSW Government has announced the first eight fintech startups to enter the Tel Aviv landing pad, one of five that has been commissioned by the the Federal Government’s Australian Trade and Investment Commission (Austrade). Looking to push Sydney’s reputation as Australia’s fintech capital, the NSW Government worked in partnership with Austrade to help get local startups to […]

Phriendly Phishing selected for an exclusive startup program in Tel Aviv

Media Release Sydney, NSW – Phriendly Phishing, Australia’s pioneering phishing awareness training provider, has been selected as one of eight New South Wales businesses to be part of an intensive startup accelerator program, the Tel Aviv Landing Pad, in Israel. Aiming to stimulate Australian innovation and entrepreneurship, ‘Landing Pads’ are being held across the globe […]

July 2016 Internet Security Report

Threats Ransomware delivery through compromised websites continues to be a continued threat for end users despite the slowdown in major ransomware and exploit kit activity over previous months. There have been reports of the SoakSoak botnet performing automated reconnaissance and exploitation of websites through a vulnerable wordpress plugin resulting in the delivery of CryptXXX ransomware […]

Announcing the winner of the Shearwater Capture the Flag contest at AusCERT2016

…and the winner is… from the Ukraine, Team “dcua”. Shearwater Capture the Flag (CTF) challenge at AusCERT2016. The 48 hr contest featured 30 uniquely crafted challenges written by the expert team at Shearwater Solutions. The challenges included Web Exploitation, Reverse Engineering, Forensics, and many others. The contest was varied, featuring the usual capture the flag […]

April 2016 Internet Security Report

April continues on a growing trend of high-profile vulnerabilities with Badlock, a man-in-the-middle vulnerability in Windows and Samba services. The author of Badlock provided a very long patch preparation time so that teams could apply the patch within the shortest possible time after release. There is a growing need for critical patches that need to […]

January 2016 Internet Security Report

Threats Microsoft DNS patching – Microsoft released a patch for DNS this month. Reported internally, however may allow remote code execution and should be applied to all Microsoft DNS servers. (MS15-127). Soon after release traffic to port 53 increased on the internet suggesting there may be an exploit available.  If you have external facing Microsoft […]

I Think I Need to Be PCI Compliant… Now What??

By Heather Robins Sometimes, coming to grips with your company’s need to be compliant with the Payment Card Industry Data Security Standards (PCI DSS) feels a bit more like going through the Five Stages of Grief than tackling a standard issue business problem. I’ve been in the Information Security industry for a little over 5 […]