CyberCX Blog
Expert analysis, industry insights and latest news from our leading cyber security experts.
When Scanning Isn’t Enough: Practical Tips for Log4j Vulnerability Detection
The Log4j critical vulnerability (CVE-2021-44228) is being actively exploited and is a major concern for organisations worldwide.
LOG4J CRITICAL VULNERABILITY (CVE-2021-44228): PLANNING FOR THE HOLIDAYS
The Log4j/Log4Shell incident is continuing to evolve. We have seen both blue teams and red
LOG4J CRITICAL VULNERABILITY (CVE-2021-44228): PRACTICAL TIPS TO PROTECT YOUR ORGANISATIONS
Over the weekend, the Log4j vulnerability kept security teams across the world at work and
CyberCX Security Report | September 2021
- Delayed Reporting of Breaches Due to System Faults
- Cyber Criminals Target GitHub Repositories
- Top API Vulnerabilities
- Microsoft Exchange Server Vulnerabilities
Ten things you should know about ISO/IEC 27001
ISO 27001 is a risk-based compliance framework designed to help organisations effectively manage information security.
CyberCX Security Report | August 2021
- Privacy and Universal Jurisdiction
- Microsoft Warns of New Phishing Campaign
- Director Responsibility for Cyber Security
- Joint Advisory by AU, US and UK
CyberCX Security Report | July 2021
- The Race to Patch
- Insurance and Ransom Payments
- Securing VPNs
Enhancing protection of Australian critical infrastructure
Critical infrastructure law reform remains a major focus for the Australian Government in 2021.
CyberCX Security Report | June 2021
- Securing OT and Critical Infrastructure
- Government Considering Mandatory Cyber Crime Reporting
- SolarWinds Phishing Campaign
- Securing DevOps Pipelines
CyberCX 2021 Budget Analysis
After experiencing one of the most challenging years in living memory, Australia has a unique opportunity to emerge from the
CyberCX Security Report | May 2021
- Australian firm unlocks iPhone
- Supply chain vulnerabilities
- Public-private partnership
- Unpatched vulnerabilities
CyberCX Security Report | April 2021
- Aggressive patching key to limiting your exposure to newly discovered vulnerabilities
- Acer reportedly facing $50M ransomware attack
- Ransomware – a unique challenge for small business
Asymmetrical Cyber Security
One challenge many large organisations encounter when developing cyber security strategies is how to adequately protect digital assets from adversaries that are smaller and more agile.
CyberCX Security Report | March 2021
- Grow your business by investing in cyber security
- InfoSec training is a business enabler
- Don’t neglect upgrading legacy systems
- QR codes expose devices to security risks
2021 Cyber Trends Analysis
This blog article sets out CyberCX’s predictions for Australia and New Zealand’s cyber security landscape in 2021.
CyberCX Security Report | February 2021
- Boosting Privacy Protections
- Securing Digital Supply Chains
- Chrome Updates
LogRhythm Zero Days
As a result of our team’s penetration testing and exploitation activities, we uncovered a series of high-risk vulnerabilities that could be chained together.
CyberCX 2020 AppSec Hackathon roundup
Gamified learning, such as hackathons, are widely seen as one of the most effective ways to develop new skills.
CyberCX Security Report | December 2020
- New rules for financial sector
- Don’t neglect physical security
- Securing your search engine ranking
- API security for AWS users
CyberCX Security Report | November 2020
- Research highlights HTTPS and JavaScript security limitations
- Insecure Third-Party Opens Way for Hackers
- Password-less IoT devices leave industries vulnerable
- Keep on top of patching to stop “Bad Neighbour” vulnerability
Top 5 reasons to make hackathons part of your team’s security training program
As managers look for new ways to upskill and motivate their teams, games are emerging as an increasingly popular component in employee security training programs.
CyberCX Security Report | October 2020
- Critical Vulnerability Allows Attackers to Bypass O365 MFA
- Insecure Third-Party Opens Way for Hackers
- Don’t Neglect Patching
- Zerologon Vulnerability Potentially Allows Attackers Full Administrative Rights in Your Domain