Introduction to Cross-Site Leaks (XS-Leaks) – Attacks and Mitigations
CyberCX Blog
by Security Testing and Assurance
10M ago
Introduction: This article explains what Cross-Site Leaks (XS-Leaks or XSLeaks) are and provides an example attack, along with mitigation options for application developers and systems administrators ...
Flutter Restrictions Bypass
CyberCX Blog
by Security Testing and Assurance
10M ago
To get full coverage testing during mobile application reviews, a jailbreak is sometimes used to grant root access to a mobile device. However, frameworks and libraries often use jailbreak or root detection to prevent mobile application inspection or modification. Several native detections can be bypassed using a combination of Frida (Ravnås, 2023) and Objection (Jacobs, 2023). However, a number of development libraries and frameworks provide their own means of jailbreak or root detection. This article investigates the Flutter framework (Google, n.d.) and the m ...
Driving the development of more secure software
CyberCX Blog
by Security Testing and Assurance
11M ago
One of the key outcomes of the recent Quad Leaders’ Summit, held in Hiroshima, Japan, was the establishment of a set of secure software development principles. With these principles, the four Quad nations — Australia, India, Japan, and the United States — have “re-affirmed their commitment to improve software security” (Quad Senior Cyber Group, 2023), and to build policy frameworks to guide the development, procurement, and use of software. ...
A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations
CyberCX Blog
by CyberCX Intelligence
11M ago
In March and April 2023, a threat actor calling itself Anonymous Sudan claimed to have conducted at least 24 distributed denial of service (DDoS) attacks on Australian organisations in the aviation, healthcare and education sectors. CyberCX Intelligence observed and investigated several of these attacks. Our findings indicate that Anonymous Sudan is unlikely to be an authentic hacktivist actor, as it claims, and instead may be affiliated with the Russian state ...
Hardware Hacking to Bypass BIOS Passwords
CyberCX Blog
by Security Testing and Assurance
11M ago
Summary: This article serves as a beginner’s hardware hacking journey, performing a BIOS password bypass on Lenovo laptops. We identify what the problem is, how to identify a vulnerable chip, how to bypass a vulnerable chip, and finally, analyse why this attack works and ways that it can be prevented. ...
What Volt Typhoon could mean for your organisation
CyberCX Blog
by CyberCX Intelligence
1y ago
Last week, Australia and New Zealand joined Five Eyes partner countries in calling out a Chinese nation-state actor – known as “Volt Typhoon” – for targeting US critical infrastructure. The cyber campaign was stealthy and designed for persistence. While one aspect of the campaign was espionage, Microsoft assessed [1] that Volt Typhoon was seeking capability to disrupt communications between the US and Asia in a future crisis scenario. There are no known Australian or New Zealand victims of this campaign. But the joint government advisory warned that Volt Typhoon could target ...
Fickle Multi-Factor Authentication in Microsoft 365
CyberCX Blog
by Security Testing and Assurance
1y ago
Azure SSRF Metadata
CyberCX Blog
by Security Testing and Assurance
1y ago
Azure provides a metadata service that allows applications on a Virtual Machine (VM) to access information about the machine’s configuration, including any associated service account credentials. The sensitivity of this information makes it a common target for adversaries ...
Nightmare before Christmas?  Patch Now to Avoid a Cyber Crisis this Holiday Season
CyberCX Blog
by CyberCX Intelligence
1y ago
This Threat Advisory was updated on 14 December 2022, following reports of vulnerability exploitation in FortiOS and Citrix appliances. On 13 December (around 0200 AEDT), Fortinet disclosed that recently patched CVE-2022-42475 is being actively exploited in limited attacks.[i] On 13 December (23:20 AEDT), the US National Security Agency (NSA) reported that CVE-2022-27518 in Citrix appliances is being actively exploited in targeted attacks by APT5.[ii] Both CVEs enable unauthenticated remote code execution (RCE). Prawns, family barbeques and backyard cricket aren ...
Get Ready to Kiss Passwords Goodbye
CyberCX Blog
by Jed Laundry
1y ago
Since the dawn of IT security, passwords have been an unavoidable necessity for humans to be able to interact securely with technology. At the same time, whether you’re an end user, an IT professional, or a business owner, our collective experience with passwords has been problematic at best ...
