Australia Free Web Directory

Privasec Information Security in Sydney, Australia | Business service




Privasec Information Security

Locality: Sydney, Australia

Phone: +61 1800 996 001



Address: 64 Clarence street 2000 Sydney, NSW, Australia

Website: https://privasec.com

Likes: 63


25.01.2022 So after having a blast in #Singapore & #Brisbane, #cyberriskmeetup is all set to rock in #Melbourne on 18/09. We have an exciting panel of speakers eager to share their views on #AI and its impact on attack & defense. Grab your spot now https://zurl.co/4X5t #cybersecurity



25.01.2022 Marriott on Friday reported a data breach affecting the information of 500 million of its Starwood customers. The stolen information includes name, phone number, email addresses, passport number and in some cases credit card numbers and expiry dates. While the company is still taking measures to do damage control for the second biggest breach in history (after Yahoo's data breach), here is what consumers can do to protect themselves: Look out for any suspicious activity on your bank account. Continuously monitor all activities and immediately report any unauthorised transactions. Limit information you share with your company. A travel company may ask for your passport number, but customers can also provide a different form of identification. Try not saving credit card details on untrusted websites. Reset any reused passwords associated with your Starwood account. Select strong passwords that are difficult to predict and consider using a password manager. Look out for updates from Marriott but be aware of phishing emails trying to take advantage of the news relating to the breach.

24.01.2022 US-based hardware giant Dell recently announced a security breach that took place earlier in the month of November. Even though Dell forced its customers to reset their passwords, users should still be concerned. If hackers are able to steal passwords from one website then they can possibly use that information to access some other websites too. It is recommended you reset any passwords for other websites where the same password was used on Dell.com and support.dell.com. Use strong and unique passwords and promote the use of a password manager. Check out the following link to learn more about good password practices. https://www.linkedin.com//urn:li:activity:647009602373697/

24.01.2022 Some valuable intake on the latest Wipro breach. Managing the risk of doing business with 3rd parties and service providers remains a big challenge for companies. https://zurl.co/jir8



23.01.2022 An organisation can lose its data due to many reasons: cyber-attacks, corrupt storage media, rogue employees or human error. A simple yet effective solution to back up your data is the 3-2-1 strategy. The strategy consists of three steps: STEP 1: Create three copies of your data including one primary copy and two other backup copies. STEP 2: Store the two backup copies on two different media such as hard disks or cloud. STEP 3: Always keep one of these copies at an offsite location. Daily backups are bread and butter for any IT department. Yet many companies fail to formulate a backup and recovery plan for their data. Start by implementing the 3-2-1 backup strategy. Check out the following article by one of our experienced consultants, David Roccasalva, about considerations that need to be taken before making a data backup strategy. https://zurl.co/W7jc

22.01.2022 Even some of the most accomplished IT professionals are not sure about the difference between a vulnerability scan and a penetration test. Here are three basic differences between the two terms: 1. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment. A penetration test on the other hand is the practice of testing a computer system, network or web application to identify insecure business processes, poor security settings, or other weaknesses that a hacker could exploit. 2. While a vulnerability scan informs the stakeholders about the system vulnerabilities, a penetration test shows how these vulnerabilities could be exploited to cause harm to the organisation. 3. A vulnerability scan could be performed by an organisation's IT department using tools such as OpenVAS and Nessus. A wide range of tools are available for use during a penetration test but it's the skill of an experienced pen-tester that is needed to identify ways in which vulnerabilities can be exploited. #penetrationtesting #vulnerabilityscanning #privasec

21.01.2022 Privasec has opened its new Brisbane office this month!! Give us a call for the details



20.01.2022 A critical bug has just been discovered in the new iOS allowing eavesdropping via FaceTime. A fix is expected later this week, but in the meantime, it is highly recommended to turn off FaceTime. https://zurl.co/9fye

20.01.2022 Vigilance is a great defence against cyber-attacks. Here are some good cyber security habits: 1. Use strong passwords. Try to keep your passwords unique to your accounts, and change them regularly. If you have trouble remembering passwords, a password management application can help you keep track. 2. Build a robust software updating policy, especially for the operating systems and Internet security software that you're using. Cyber criminals often use known exploits or flaws in software to gain access to your system. With software updates, these issues will get patched. 3. Know and document your external perimeter. It’s important to know and keep track of the information that's been exposed to the Internet. 4. Train staff and use email filters to prevent phishing. To stay protected against more sophisticated cyber threats, contact us via email at [email protected], or call us at 1800 996 001 (AU) / +65 6631 8375 (SG).

19.01.2022 Privasec's "Hacker Accelerator Program" is designed to train graduates/young professionals passionate about information security with one to one mentoring from experts. Applications for the June intake end on 17th May. Register your interest here: https://zurl.co/qSiq

18.01.2022 Plenty happening in January.

17.01.2022 Interesting BBC article about the #BAhack. How did hackers manage to extract CVV codes, when these codes are not supposed to be stored in the first place? Read the full article at https://zurl.co/nhrL #britishairways #cyberattack #BAhack #Hackers



17.01.2022 The Department of Homeland Security has issued an emergency directive requiring all US agencies to operate with a .gov domain. AU Gov tends to follow US Gov directives in turn so potentially, this is something that may be incorporated into the ISM in future. #DHS #AU #security #ISM

16.01.2022 The importance of Information and Technology Governance cannot be overstated. With companies trying to maximise the value derived from IT assets while managing the associated risks, the need for a structured approach to designing and implementing enterprise governance for IT is key. ISACA's COBIT has been one of the most accepted frameworks in this area for over 20 years. Recently ISACA has released COBIT 2019, its first update to the COBIT framework in nearly seven years. The new version provides comprehensive practical guidance and new focus areas in hot topics like DevOps, Cyber Security and Digital Transformation. COBIT 2019 has been written in a way that can now easily be customised for small-to-medium sized business.

16.01.2022 Importance of Application Whitelisting Strategy for Businesses. Application whitelisting is the practice of specifying an index of approved software applications to run on a computer system. The Australian Cyber Security Centre (Australian Government's lead on national cyber security) categorises application whitelisting as one of the eight essential cyber risk mitigation strategies. Having an application whitelisting strategy is crucial for any organisation. The goal of whitelisting is to protect computers and networks from potentially harmful applications by not allowing attackers to place their own executables on the system or replace known good executables with compromised ones. Application whitelisting also prevents zero-day attacks by not allowing execution of any untrusted applications. Thus, having the right application whitelisting tool in place is key to prevent running of non-trusted applications. Some well-known commercial whitelisting solutions include Airlock Digital, McAfee and Digital Guardian. AppLocker, Gatekeeper and Logstash are some of the free tools available for application whitelisting.

15.01.2022 Dropbox has recently revealed three critical vulnerabilities in the Apple macOS operating system, which could allow a hacker to execute malicious code by convincing the victim to visit the malicious web page. https://zurl.co/B7ge The video demonstration shows that researchers have been able to create a two-stage attack on a Mac computer just by convincing the victim to follow the malicious page. Apple continuously releases updates to fix new vulnerabilities. Users should continuously install monthly updates in order to protect their systems against such threats. Source: The Hacker News

14.01.2022 One of the most overlooked ACSC Essential Eight strategies in mitigating cyber security incidents is daily backups. Think of it as your absolute fail-safe in a scenario when all other security controls have failed. Daily backups should still be the bread and butter of any IT department; we've all been doing it for years. However, how confident are you in your organisation's process? Are you backing up all of your company's important data, software and configurations daily? Are the backups securely stored? When was a full recovery of backup data last tested? How quickly could your organisation recover from a ransomware attack? Sometimes it's worth checking to ensure the basics are operating as expected. https://zurl.co/CStr

13.01.2022 According to the OAIC (Office of the Australian Information Commissioner) report, 36% of all cyber-attacks in Australia are caused by human error; this is the phenomenon known as PEBKAC (Problem Exists Between Keyboard And Chair). Thus, employees are our greatest assets, and our weakest link by potentially falling victim to cyber-attacks in various forms. They are also our first line of defence, hence continuous education, training and awareness is needed to remain vigilant against cyber-attacks. Give us a call at 1800 996 001 and talk to our highly experienced security consultants to discuss your company's cybersecurity priorities and discover how we can help.

13.01.2022 It's #blackfriday! Get 67% off our @DroneSec online training courses for Drone Security Operations! Use code ‘PRIVADEAL’ for the course bundle. #drones #dronesecurity #security #training

13.01.2022 Apart from having financial implications, a security breach leads to loss of consumer trust. An illustration of this is in the hospitality industry, where breaches can have a negative impact on consumer perception, satisfaction and intent to revisit (Berezina et al., 2012). In their study "Consumer security behaviors and trust following a data breach", authors Shelby R. Curtis, Jessica Rose Carre and Daniel Nelson Jones concluded that, following a data breach, consumers perceived companies as less trustworthy, but did not change their behavioural intentions to be personally more secure. This suggests that companies should be omitting reliance on improved user security practices. Our team of experienced security consultants can assess your current security posture with a Cyber Resilience Health Check. Give us a call at 1800 996 001, and discover how we can help.

12.01.2022 ATO claims to have received more than 115,000 faxed documents in 2017-18. According to The Age and the Sydney Morning Herald, many small Australian companies in the healthcare, finance and legal sector still use fax on a daily basis. The vulnerabilities in the fax machine protocols haven't been updated since the 1980s and such extensive use of fax printers in Australia poses a huge problem. At the recent DEF CON 26 hacker event in Las Vegas, two security researchers from Check Point demonstrated one such exploit - Faxploit. They showed that a hacker only needs a fax number to exploit these vulnerabilities. A specially coded colour jpeg can have any malware code, which when received by the fax printer, can easily be decoded and uploaded into the printer's memory. The malware can then spread through the device and ultimately to the network that is connected to the fax-printer. https://zurl.co/37Ud One way to prevent Faxploit is via network segmentation. Companies can limit the data access to an attacker by breaking large networks into smaller ones, or by isolating fax machines in their own subnetworks.

11.01.2022 At the recent #PRIVACON2020, Amit Chaubey presented an insightful overview on security expectations of the APAC #criticalinfrastructure #CII space. From its complexity and challenges, threat vectors to standards, this is a session not to be missed! https://zcu.io/h0SB

10.01.2022 Recently discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). More info at: https://www.krackattacks.com/

09.01.2022 In cyber security, a tight defence is also a versatile one. To cope with significant growth and sophisticated global cyber-attacks, cyber security needs to evolve to counter new threats every day. At Privasec, we tap into our reservoir of experience to keep your business protected. Our deep expertise also ensures that your security stays up-to-date, and in line with your business goals. With a customised approach and clear understanding of your security needs, we're primed to propose a solution that responds to critical threats quickly and effectively. Contact us via email at [email protected] or call us at 1800 996 001 (AU) / +65 6631 8375 (SG) to find out more today!

08.01.2022 After a wonderful turnout in Singapore, #cyberriskmeetup is really excited to come to #Brisbane on 12th Sept. We are oversubscribed! If you are attending, come up and say hi to us! We have great speakers who will be sharing their views on #3rdpartyrisk management. #Privasec

07.01.2022 What a night we had celebrating our finalist ‘Cyber Business of the Year’ category at the Defence Connect #AustralianDefenceIndustryAwards at the Star with our #Sydney team. Congratulations to everyone in our #Privasec team across Australia and South East Asia - we are so proud of you, especially for all of your hard work, dedication and passion in all that you do. Congrats also to the other finalists and category winners! #Melbourne #Brisbane #Singapore #Australia #awards #cybersecurity

06.01.2022 Facebook has issued an update for both Android and iPhone users to fix a flaw in WhatsApp. Attackers have been abusing an audio call to install spyware and steal data. So, it is highly recommended to install updates on the following versions. Source: Bank Info Security

06.01.2022 Addressing online security and privacy, Politics Live reporter Greg Dawson and Josh Smith (a researcher at Demos) explained how useful this information could be for political campaigners. https://zurl.co/frTH

06.01.2022 Almost every week, an ever-growing list of data breaches occurs around the world. In a lot of cases, attackers gain access to sensitive information such as a hashed password database. An alarming observation of recent attacks is how credentials are stored. Many of the recent breaches (small and large) are using old, outdated and insecure methods for today's standards such as MD5, unsalted SHA variations and even plain-text passwords. These methods can be trivial for an attacker to retrieve the plain-text passwords through brute-force attacks. The ISM and NIST provide guidance and recommendations of storing passwords. As a summary: ISM: As per control 1252, agencies must store credentials in a hashed format using a strong hashing algorithm that is uniquely salted. For example, a hashing algorithm from at least the SHA2 family. NIST: Passwords must be hashed (SHA1-3) and salted with at least 32-bits of data. It's recommended to ensure best-practices and hardening guides are followed to protect such sensitive information. In addition, layering security controls such as implementing MFA provides an extra level of protection. The goal here is to ensure that if a breach occurs, brute-force type attacks would prove impractical.

05.01.2022 Adobe has recently released security updates to fix two critical vulnerabilities for Acrobat and Reader. The first vulnerability, identified as CVE-2018-16011, can lead to the execution of arbitrary code. The second vulnerability, identified as CVE-2018-19725, can result in privilege escalation. As these vulnerabilities are public now, it is highly recommended that both Mac and Windows users install these updates. Click on the following link for further action: https://zurl.co/oNh7

02.01.2022 Password security remains one of the most neglected topics in the cyber world. Despite increasing awareness in this space, there are still a number of people using 1234546 or password to secure their account! Here are a few basic tips for the general public to strengthen your passwords: Avoid predictability: Use nonsense phrases instead of words. Avoid personal information such as name, DOB, anniversary or a pet name. This can significantly enhance the password strength by making it difficult to crack. Decrease reliance on the browser: Even though companies such as Google have taken steps to improve password security of their browsers, still most of the browsers don't promote good password hygiene. One of these practices includes auto-filling whereby one stores his/her username and password on the browser, for an instant click and log in. Decreasing dependence on the browser can help reduce the chances of a password breach. Use a password manager: It is not ideal to use the same passwords on multiple platforms. A password manager gives you the flexibility to be creative with your password phrases and you don't have to remember all of them. Typically, all stored passwords are encrypted, and you just need one master password to access all the passwords. #becreative #password #cybersecurity

02.01.2022 Part Two of Privacon 2020 videos are now ready. George Do, CISO from Gojek treated our audience with an engaging session on insider threats. Is a paradigm shift needed? The topic of the insider threat is subtle but critically important for CISOs, security leaders and security programs. Join in for the ride if you've missed this one. https://zcu.io/5Yec Stay tuned for the rest of the session recordings! #PRIVACON2020 #ridingthedigitalskies #insiderthreat #cybersecurity #cyberattack #cyberrisk #infosec #ITsecurity #security #CISO

01.01.2022 The 2019 Threat Report produced by Sophos provides an in-depth analysis of key cyber-attack trends. Here are some key highlights: Prepare for ransomware attacks: The report analyses ransomware attacks (e.g. WannaCry, Dharma and SamSam) and argues that the worst manual ransomware attacks started when the attacker discovered that an administrator had opened a hole in the firewall for a Windows computer's remote desktop. Using multi-factor authentication (MFA) and limiting the use of domain admin credentials to dedicated machine(s) are effective tools to prevent ransomware. We also suggest developing an incident response plan (IRP), testing it, and training staff who need to know about it. Attacks via IoT devices: There has been significant growth in the numbers of attacks targeting IoT devices. Simple measures such as changing the default passwords to prevent reinfection are key as attacks targeting IoT devices are not slowing down. Practise the fundamentals: The report emphasises the importance of returning to the basics. This includes use of a password manager and multi-factor authentication where available. Do not store passwords in plain text. Be mindful of clicking on unknown links or opening unknown files or messages. Be careful of what you store in "the cloud".

01.01.2022 A Distributed Denial-of-Service (DDoS) attack is an attempt to disrupt the normal functioning of a network, server or a website by flooding it with internet traffic. During a DDoS attack, there is practically no time to react. Therefore, it is crucial to have a plan before a DDoS attack strikes. The plan must properly document the network topology diagram for management of crucial assets during the attack and require the alerting of relevant stakeholders. A few other tricks for preparing for a DDoS attack include use of sufficient bandwidth, infrastructure redundancy, DNS server redundancy and use of WAF (web application firewalls) for server protection. https://zurl.co/QIhy #ddos
