CyberCX Blog
Expert analysis, industry insights and latest news from our leading cyber security experts.
Introduction to Cross-Site Leaks – Attacks and Mitigations
This article explains what Cross-Site Leaks (XS-Leaks or XSLeaks) are, as well as providing an example attack, along with mitigation options for application developers and systems administrators.
Flutter Restrictions Bypass
This Technical Series blog investigates the Flutter framework (Google, n.d.) and the methods for bypassing its detections on iOS.
Driving the development of more secure software
The four Quad nations — Australia, India, Japan, and the US — have re-affirmed their commitment to improve software security and to build policy frameworks to guide the development, procurement, and use of software.
A bear in wolf's clothing
Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations.
Fickle Multi-Factor Authentication in Microsoft 365
MFA is widely accepted as necessary in our threat-filled environment, and often forms a critical part of compliance frameworks. Once applied though, what assurance does an organisation have that its configuration is impermeable?
What Volt Typhoon could mean for your organisation
Find out what the Volt Typhoon attribution means for your organisation, and the three priority considerations CyberCX is recommending.
Hardware Hacking to Bypass BIOS Passwords
A beginner's hardware hacking journey of performing a BIOS password bypass on Lenovo laptops. In this article we identify what the problem is, how to identify a vulnerable chip, how to bypass a vulnerable chip, why this attack works, and ways that it can be prevented.
Azure SSRF Metadata
Find out how Azure-hosted services can be exploited through Server-Side Request Forgery (SSRF) attacks and what developers and system administrators can do to minimise these risks.
Patch Now to Avoid a Cyber Crisis this Holiday Season
Cyber risk can rise over the holiday season, especially for organisations that don’t use December to adequately prepare.
Get Ready to Kiss Passwords Goodbye
Since the dawn of IT security, passwords have been an unavoidable necessity for humans to be able to interact securely with technology.
At the same time, whether you’re an end user, an IT professional, or a business owner, our collective experience with passwords has been problematic at best.
Threat Advisory. Escalating geopolitical tensions between Russia, Ukraine and NATO members: Impacts for Australian and New Zealand organisations
The situation in Ukraine is actively evolving. CyberCX Cyber Intelligence is closely monitoring developments.
Upcoming Changes to the Payment Card Industry Data Security Standard: New Hashing Requirements
Organisations that are subject to the Payment Card Industry Data Security Standard (PCI DSS) should be aware of changes to the Standard in order to ensure that they remain compliant with the updated requirements.
Threat Advisory
Russian travel sanctions against an additional 32 New Zealanders: Impacts for New Zealand organisations’ cyber risk
On 30 July, the Russian Foreign Ministry announced sanctions against 32 New Zealanders working across the defence, local government, higher education and media sectors.
CyberCX Intelligence assesses that the public listing of these individuals will increase their attractiveness as a target to Russian-based threat actors.
Location, location, location: Keeping track of risk with Microsoft Authenticator
One of the common security controls our customers implement to keep themselves safe and secure is region-specific conditional access policies.
Threat Advisory
Lessons Learned: Phishing and Impersonation Campaign Targeted Australian Organisations Through Abuse of e-Learning Provider
CyberCX proactively notified affected organisations and advised the e-learning provider of the persistent abuse of its services.
CyberCX Intelligence has been unable to link this phishing campaign to a specific actor or financial motive, but assesses it is likely an at least moderately-resourced threat actor with sustained intent to target Australian organisations.
Threat Advisory
Russian travel sanctions against an additional 120 Australians: Impacts for Australian organisations’ cyber risk
On 16 June, the Russian Foreign Ministry announced sanctions against 120 Australians operating across the defence, government, mining, technology, think tank, higher education, entertainment and media sectors.
CyberCX Intelligence assesses this development materially increases cyber risk in the immediate to medium term for the sanctioned individuals and organisations directly connected to them.
Intelligence Update
Solomon-Islands-China Security Agreement: Implication for regional cyber risk
There is increasing diplomatic tension and instability in the Pacific, a development likely to also increase cyber risk for all organisations in Australia and New Zealand.
The Solomon Islands-China Security Cooperation Agreement (the Security Agreement) and associated actions will be key drivers in the Pacific cyber threat landscape.
Intelligence Update
A question of timing: examining the circumstances surrounding the Nauru Police Force hack-and-leak
On 2 May 2022, 285,631 files stolen from the Nauru Police Force, including some relating to alleged human rights abuses in Australia’s offshore processing centres, were leaked.
CyberCX assesses that there are several anomalies that invite scepticism about the motivations of the threat actor and warrant further investigation.
CyberCX Cyber Dialogue: A-UK-US heavyweights talk Russia’s invasion and cyber implications
The Ukraine-Russia war is a major turning point in cyber history – this was the key message emerging from the Cyber Dialogue webinar.
Change and disruption: How the Russia-Ukraine conflict is reshaping cyber crime
Australian and New Zealand organisations face a real chance of ransomware, data theft extortion or DDoS attacks by pro-Russia criminal groups and hacktivists.
How critical is critical: CyberCX thoughts on the CERT NZ Critical Controls 2022
For many organisations, knowing what “cyber security stuff” to do is a real challenge. Vendors are always looking to sell you the next silver bullet, so how do you get advice you can trust?
Threat Advisory Update. Russia/Ukraine conflict: Impacts for Australian and New Zealand organisations
CyberCX continues to urge all Australian and New Zealand organisations to adopt a posture of heightened cyber readiness and awareness.
To pay or not to pay: In a ransomware attack, this is not always the question
The Australian Cyber Security Centre received nearly 500 reports of ransomware attacks against Australian organisations last financial year. CERT NZ received over 70 reports during the same period.
When Scanning Isn’t Enough: Practical Tips for Log4j Vulnerability Detection
Threat Advisory Update
Russian travel sanctions increase to target 387 Australians: Impacts for Australian organisations’ cyber risk
On 21 July, the Ministry announced sanctions against a further 39 Australians operating in border protection, law enforcement and immigration organisations, predominantly in the public service.
CyberCX Intelligence assesses this development materially increases cyber risk in the immediate to medium term for the sanctioned individuals and organisations directly connected to them.
Log4j Critical Vulnerability (CVE-2021-44228): Planning for the holidays
The Log4j/Log4Shell incident is continuing to evolve. We have seen both blue teams and red teams changing and improving their techniques to adapt.
Log4j Critical Vulnerability (CVE-2021-44228): Practical Tips to Protect Your Organisations
Accellion Kiteworks Vulnerabilities
Adam discusses a set of Kiteworks flaws, chained to go from authenticated user to remote root code execution.
Fortinet FortiPortal Vulnerability Disclosures
Ben provides details on the recent vulnerability disclosures to Fortinet in the FortiPortal management portal.
AirTag Hacking
Jamie shares an improved methodology for dumping the firmware of an Apple AirTag.
Identifying Gophish Servers
Alain shares a methodology for discovering and identifying Gophish deployments in the wild. How easy is your Gophish installation to spot?
Ghostscript SAFER Sandbox Breakout (CVE-2020-15900)
Tim shares the discovery process of a recent Ghostscript bug, and lessons learned.
Advanced Open Redirection Vulnerability Discovery
Toby discloses advanced methods for detecting open redirection vulnerabilities.
JSON Web Token Validation Bypass in Auth0 Authentication API
Ben discusses a JSON Web Token validation bypass issue disclosed to Auth0 in their Authentication API.
Exploring Users With Multiple Accounts In BloodHound
Alain presents a methodology and Python script for exploring Active Directory users with multiple accounts in BloodHound.
PlayStation Classic Hacking
Ben discusses a method for gaining a root shell on the PlayStation Classic with the use of hardware hacking techniques.
Ten things you should know about ISO/IEC 27001
ISO 27001 is a risk-based compliance framework designed to help organisations effectively manage information security.
Enhancing protection of Australian critical infrastructure
Critical infrastructure law reform remains a major focus for the Australian Government in 2021.
2021 Cyber Trends Analysis
This blog article sets out CyberCX’s predictions for Australia and New Zealand’s cyber security landscape in 2021.
LogRhythm Zero Days
As a result of our team’s penetration testing and exploitation activities, we uncovered a series of high-risk vulnerabilities that could be chained together.