CyberCX Blog
Expert analysis, industry insights and latest news from our leading cyber security experts.
Intelligence Update
A question of timing:
examining the circumstances surrounding the Nauru Police Force hack-and-leak
On 2 May 2022, 285,631 files stolen from the Nauru Police Force, including some relating to alleged human rights abuses in Australia’s offshore processing centres, were leaked.
CyberCX assesses that there are several anomalies that invite scepticism about the motivations of the threat actor and warrant further investigation.
CyberCX Cyber Dialogue: A-UK-US heavyweights talk Russia’s invasion and cyber implications
The Ukraine-Russia war is a major turning point in cyber history – this was the key message emerging from Cyber Dialogue webinar.
Privacy by Design: CyberCX Recognises Leaders in the Field
CyberCX has identified the Australian companies leading among their peers on privacy. As Australia’s regulatory and policy settings on privacy tighten, leadership on privacy is increasingly important.
When Scanning Isn’t Enough: Practical Tips for Log4j Vulnerability Detection
CyberCX 2022 Budget Analysis
Cyber and critical technology are big ticket spending items for this federal Budget, as Australia heads into a federal election. In this post we set out the major spending measures, and what they could mean for Australian organisations and our broader threat landscape.
Change and disruption: How the Russia-Ukraine conflict is reshaping cyber crime
Australian and New Zealand organisations face a real chance of ransomware, data theft extortion or DDoS attacks by pro-Russia criminal groups and hacktivists.
Squeezing a balloon: How Australia's new ransomware laws will affect businesses
Threat Advisory Update. Russia/Ukraine conflict: Impacts for Australian and New Zealand organisations
CyberCX continues to urge all Australian and New Zealand organisations to adopt a posture of heightened cyber readiness and awareness.
Threat Advisory. Escalating geopolitical tensions between Russia, Ukraine and NATO members: Impacts for Australian and New Zealand organisations
To pay or not to pay: In a ransomware attack, this is not always the question
Log4j Critical Vulnerability (CVE-2021-44228): Planning for the holidays
The Log4j/Log4Shell incident is continuing to evolve. We have seen both blue teams and red teams changing and improving their techniques to adapt.
Log4j Critical Vulnerability (CVE-2021-44228): Practical Tips to Protect Your Organisation
Ten things you should know about ISO/IEC 27001
ISO 27001 is a risk-based compliance framework designed to help organisations effectively manage information security.
Enhancing protection of Australian critical infrastructure
CyberCX 2021 Budget Analysis
After experiencing one of the most challenging years in living memory, Australia has a unique opportunity to emerge from the
2021 Cyber Trends Analysis
LogRhythm Zero Days
As a result of our team’s penetration testing and exploitation activities, we uncovered a series of high-risk vulnerabilities that could be chained together.