CyberCX Blog
10 FOLLOWERS
CyberCX Blog is the blog section of CyberCX, a leading cybersecurity company. Their mission is to protect organizations from cyber threats and build resilience in the digital world. Visit their website to access their informative blog, which covers topics such as threat intelligence, incident response, and cybersecurity best practices. Stay updated with the latest insights from industry experts.
CyberCX Blog
1y ago
Introduction
This article explains what Cross-Site Leaks (XS-Leaks or XSLeaks) are, as well as providing an example attack, along with mitigation options for application developers and systems administrators ..read more
CyberCX Blog
1y ago
To get full coverage testing during mobile application reviews, a jailbreak is sometimes used to grant root access to a mobile device. However, often frameworks and libraries use jailbreak or root detection to prevent mobile application inspection, or modification. Several native detections can be bypassed using a combination of Frida (Ravnås, 2023) and Objection (Jacobs, 2023). However, a number of development libraries and frameworks provide their own means of jailbreak or root detection. This article investigates the Flutter framework (Google, n.d.) and the m ..read more
CyberCX Blog
1y ago
One of the key outcomes of the recent Quad Leaders’ Summit, held in Hiroshima, Japan, was the establishment of a set of secure software development principles. With these principles, the four Quad nations — Australia, India, Japan, and the United States — have “re-affirmed their commitment to improve software security” (Quad Senior Cyber Group, 2023), and to build policy frameworks to guide the development, procurement, and use of software.   ..read more
CyberCX Blog
1y ago
In March and April 2023, a threat actor calling itself Anonymous Sudan claimed to have conducted at least 24 distributed denial of service (DDoS) attacks on Australian organisations in the aviation, healthcare and education sectors. CyberCX Intelligence observed and investigated several of these attacks. Our findings indicate that Anonymous Sudan is unlikely to be an authentic hacktivist actor, as it claims, and instead may be affiliated with the Russian state ..read more
CyberCX Blog
1y ago
Summary
This article serves as a beginner’s hardware hacking journey, performing a BIOS password bypass on Lenovo laptops. We identify what the problem is, how to identify a vulnerable chip, how to bypass a vulnerable chip, and finally,analyse why this attack works and ways that it can be prevented.  ..read more
CyberCX Blog
1y ago
Last week, Australia and New Zealand joined Five Eyes partner countries in calling out a Chinese nation-state actor – known as “Volt Typhoon” – for targeting US critical infrastructure. The cyber campaign was stealthy and designed for persistence. While one aspect of the campaign was espionage, Microsoft assessed [1] that Volt Typhoon was seeking capability to disrupt communications between the US and Asia in a future crisis scenario.
There are no known Australian or New Zealand victims of this campaign. But the joint government advisory warned that Volt Typhoon could target ..read more
CyberCX Blog
1y ago
Azure provides a metadata service that allows applications on a Virtual Machine (VM) to access information about the machine’s configuration, including any associated service account credentials. The sensitivity of this information makes it a common target for adversaries ..read more
CyberCX Blog
1y ago
This Threat Advisory was updated on 14 December 2022, following reports of vulnerability exploitation in FortiOS and Citrix appliances. On 13 December (around 0200 AEDT), Fortinet disclosed that recently patched CVE-2022-42475 is being actively exploited in limited attacks.[i] On 13 December (23:20 AEDT), the US National Security Agency (NSA) reported that CVE-2022-27518 in Citrix appliances is being actively exploited in targeted attacks by APT5.[ii] Both CVEs enable unauthenticated remote code execution (RCE).
Prawns, family barbeques and backyard cricket aren ..read more
CyberCX Blog
1y ago
Since the dawn of IT security, passwords have been an unavoidable necessity for humans to be able to interact securely with technology. At the same time, whether you’re an end user, an IT professional, or a business owner, our collective experience with passwords has been problematic at best ..read more