How Azure Active Directory opens new authentication risks
Hybrid cloud identity and access management services add complexity and opportunity for attackers to network authentication processes.
Stories by Lucian Constantin
-
-
Ragnar Locker continues trend of ransomware targeting energy sector
Ransomware gangs seem to be exploiting concerns over disruptions in the energy and other critical infrastructure sectors.
-
Multi-stage crypto-mining malware hides in legitimate apps with month-long delay trigger
The Nitrokod cryptocurrency mining campaign goes to great lengths to avoid detection and can remain active for a number of years.
-
Sophisticated scammers bypass Microsoft 365 multi-factor authentication
Hackers have developed ways to bypass multi-factor authentication on cloud productivity services like Microsoft 365, formerly Office 365.
-
New ransomware HavanaCrypt poses as Google software update
A new strain of ransomware has been making victims for the past two months, masquerading as a Google software update application.
-
"Evil PLC Attack" weaponises PLCs to infect engineering workstations
Researchers demonstrate a proof of concept where hijacked programmable logic controllers can compromise engineering workstations to allow lateral movement.
-
New exploits can bypass Secure Boot and modern UEFI security protections
Two research groups demonstrate PC firmware vulnerabilities that are difficult to mitigate and likely to be exploited in the wild.
-
Chinese APT group uses multiple backdoors in attacks on military and research organisations
The TA428 group has been successful by targeting known vulnerabilities and using known detection evasion techniques.
-
Sophisticated malware of Chinese origin shows up again in the wild after 3 years
The sophisticated rootkit malware infects system firmware to avoid detection and has claimed victims in China, Iran, Vietnam and Russia.
-
GPS trackers used for vehicle fleet management can be hijacked by hackers
At least one model of GPS tracking devices made by Chinese firm MiCODUS "lacks basic security protections needed to protect users from serious security issues".
-
New speculative execution attack Retbleed impacts Intel and AMD CPUs
Unlike other speculative execution attacks like Spectre, Retbleed exploits return instructions rather than indirect jumps or calls.
-
Office 365 phishing campaign that can bypass MFA targets 10,000 organisations
The phishing web pages that this adversary-in-the-middle phishing campaign uses act as a proxy and pull content from the legitimate Office 365 login page.
-
Attacker groups adopt new penetration testing tool Brute Ratel
APT group's use of a legitimate pen-testing tool gives them stealth capabilities, allowing them to avoid detection by EDR and antivirus tools.
-
APT campaign targeting SOHO routers highlights risks to remote workers
The ZuoRAT remote access Trojan malware can compromise multiple router brands and likely has been active for years.
-
Dozens of insecure-by-design flaws found in vendor OT products
A new research project from OT:ICEFALL has uncovered 56 vulnerabilities in operational technology (OT) devices from 10 different vendors.
Events
SustainTech
Join key decision-makers within Environmental, Social, and Governance (ESG) that have the power to affect real change and drive sustainable practices. SustainTech will bridge the gap between ambition and tangible action, promoting strategies that attendees can use in their day-to-day operations within their business.
EDGE 2023
EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.
WIICTA 2023
ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.
ARN Innovation Awards 2023
Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.
Brand Post
Automate for business sustainability
By Kalyan Madala, CTO for IBM Australia, Southeast Asia, New Zealand & Korea (ASEANZK)
Sponsored By
