New Zealand Cyber Security Blog
Thoughts on the cyber security landscape with a pinch of technical insights
When Scanning Isn’t Enough: Practical Tips for Log4j Vulnerability Detection
Log4j Critical Vulnerability (CVE-2021-44228): Planning for the holidays
The Log4j/Log4Shell incident is continuing to evolve. We have seen both blue teams and red
Log4j Critical Vulnerability (CVE-2021-44228): Practical Tips to Protect Your Organisations
Accellion Kiteworks Vulnerabilities
Adam discusses a set of Kiteworks flaws, chained into authenticated user to remote root code exec
Fortinet FortiPortal Vulnerability Disclosures
Ben provides details on the recent vulnerability disclosures to Fortinet in the FortiPortal management portal
Jamie shares an improved methodology for dumping the firmware of an
Identifying Gophish Servers
Alain shares a methodology for discovering and identifying Gophish deployments in the wild. How easy is your Gophish installation to spot?
Ghostscript SAFER Sandbox Breakout (CVE-2020-15900)
Tim shares the discovery process of a recent Ghostscript bug, and lessons learned.
Advanced Open Redirection Vulnerability Discovery
Toby discloses advanced methods for detecting open redirection vulnerabilities.
JSON Web Token Validation Bypass in Auth0 Authentication API
Ben discusses a JSON Web Token validation bypass issue disclosed to Auth0 in their Authentication API.
Exploring Users With Multiple Accounts In BloodHound
Alain presents a methodology and Python script for exploring Active Directory users with multiple accounts in BloodHound.
PlayStation Classic Hacking
Ben discusses a method for gaining a root shell on the PlayStation Classic with the use of hardware hacking techniques.
CyberCX Security Report | September 2021
- Delayed Reporting of Breaches Due to System Faults
- Cyber Criminals Target GitHub Repositories
- Top API Vulnerabilities
- Microsoft Exchange Server Vulnerabilities
TEN THINGS YOU SHOULD KNOW ABOUT ISO/IEC 27001
ISO 27001 is a risk-based compliance framework designed to help organisations effectively manage information security.
CyberCX Security Report | August 2021
- Privacy and Universal Jurisdiction
- Microsoft Warns of New Phishing Campaign
- Director Responsibility for Cyber Security
- Joint Advisory by AU, US and UK
CyberCX Security Report | July 2021
- The Race to Patch
- Insurance and Ransom Payments
- Securing VPNs
Enhancing protection of Australian critical infrastructure
Critical infrastructure law reform remains a major focus for the Australian Government in 2021.
CyberCX Security Report | June 2021
- Securing OT and Critical Infrastructure
- Government Considering Mandatory Cyber Crime Reporting
- SolarWinds Phishing Campaign
- Securing DevOps Pipelines
CyberCX Security Report | May 2021
- Australian firm unlocks iPhone
- Supply chain vulnerabilities
- Public-private partnership
- Unpatched vulnerabilities
CyberCX Security Report | April 2021
- Aggressive patching key to limiting your exposure to newly discovered vulnerabilities
- Acer reportedly facing $50M ransomware attack
- Ransomware – a unique challenge for small business
Asymmetrical Cyber Security
One challenge many large organisations encounter when developing cyber security strategies is how to adequately protect digital assets from adversaries that are smaller and more agile.
CyberCX Security Report | March 2021
- Grow your business by investing in cyber security
- InfoSec training is a business enabler
- Don’t neglect upgrading legacy systems
- QR codes expose devices to security risks
CyberCX Security Report | February 2021
- Boosting Privacy Protections
- Securing Digital Supply Chains
- Chrome Updates
2021 Cyber Trends Analysis
This blog article sets out CyberCX’s predictions for Australia and New Zealand’s cyber security landscape in 2021.
LogRhythm Zero Days
As a result of our team’s penetration testing and exploitation activities, we uncovered a series of high-risk vulnerabilities that could be chained together.
CyberCX 2020 AppSec Hackathon roundup
Gamified learning, such as hackathons, is widely seen as one of the most effective ways to develop new skills.
CyberCX Security Report | December 2020
- New rules for financial sector
- Don’t neglect physical security
- Securing your search engine ranking
- API security for AWS users
CyberCX Security Report | November 2020
- Insecure Third-Party Opens Way for Hackers
- Password-less IoT devices leave industries vulnerable
- Keep on top of patching to stop “Bad Neighbour” vulnerability
Top 5 reasons to make hackathons part of your team’s security training program
As managers look for new ways to upskill and motivate their teams, games are emerging as an increasingly popular component in employee security training programs.
CyberCX Security Report | October 2020
- Critical Vulnerability Allows Attackers to Bypass O365 MFA
- Insecure Third-Party Opens Way for Hackers
- Don’t Neglect Patching
- Zerologon Vulnerability Potentially Allows Attackers Full Administrative Rights in Your Domain