More than one in 10 Australians almost certainly had their personal information stolen by criminals in an astonishing hack on Uber accounts that the ride-sharing giant covered up for more than a year.

The multibillion-dollar company revealed the information of 57 million customers and drivers had been compromised in the data theft, which it then tried to cover up by paying a $US100,000 ransom to the perpetrators in a move new chief executive Dara Khosrowshahi admitted “should not have happened”.

And tonight, Uber confirmed Australian customers’ personal information had been stolen in the hack and informed the Privacy Commissioner.

The cybersecurity failure was exposed just months before new Australians laws force companies to reveal data breaches to consumers, though exclusive research from ESET will on Thursday reveal 60 per cent of organisations did not plan to reveal data thefts immediately.

With such breaches predicted to rise, our CTO Jason Edelstein said greater attention needed to be paid to “properly” enforcing the regulations when introduced, as having even basic personal information stolen could have dire consequences for consumers. For more information on how to protect yourself from a potential cyberattack read the article here.

The post Uber Data Breach appeared first on Sense of Security.

With the rise of the DevOps movement, a chasm has emerged as it becomes evident that super-fast and continuous software development and deployment is marginalising “traditional” security expertise, knowledge, and best practice.

In the haste of taking advantage of the benefits of DevOps, many enterprises aren’t addressing critical security requirements, resulting in numerous issues.

• Security not a primary concern – security not fully considered in design phases of projects, adding to additional cost and complexity later.
• Lack of secure coding awareness or best practice – insecure coding practices leaving applications exposed to easy attack and data breaches.
• Too much focus on availability – a single-minded focus on “uptime” that overshadows other important areas of improvement.
• Supply chain issues in software libraries – using third-party libraries resulting in latent and widespread vulnerability exposures.
• Misconfiguration of systems – infrastructure-as-code is very powerful, but can also amplify basic system hardening errors.

DevOps is good for making things better, faster. But there tends to be a culture clash between those talking about speed, velocity or agility and those concerned with issues such as control points.

So Goldschmidt and his colleagues are showing their clients how security can be integrated into DevOps (DevSecOps) in an automated manner without affecting velocity.

Most people with development, operations or cloud backgrounds aren’t well-versed in security, he suggests, so Sense of Security shows clients how DevSecOps means security and DevOps can run in parallel.

It’s not that complicated, but it’s something most people don’t think about. In today’s landscape, organisations need to embrace DevSecOps and begin to implement it within their organisations. For more information around securing your DevOps, visit our Security Automation for DevOps page. Sense of Security also provides a managed service around this topic. For more information visit our DevOps and SecOps as a managed security service page.

The post DevSecOps: Security Needn’t be Sacrificed for Speed appeared first on Sense of Security.

Sense of Security is only one of a few select vendors working in partnership with the government to help improve the region’s cyber capabilities and aid the federal government in achieving the objectives outlined in its strategy.

Company co-founder and COO Murray Goldschmidt told The Australian that the program will help tackle a key deficiency in cyber resilience at a regional level.

“There’s a lack of sophistication in some jurisdictions in the region and a lot of these countries contribute to the Australian economy,” he said.

“We have been selected to deliver the education component of the government’s program and help regional organisations and businesses understand the scope of the threat.

“Translating the technology risk into business risk is what we do best,” he added.

We are very proud to help the developing nations in the APAC region create cybersecurity policies and governance frameworks. Our aim is to better equip our regional neighbours to face the threat of a cyberattack, The Australian explains.

The post Sense of Security – DFAT – Partnership appeared first on Sense of Security.

Truth is, companies can prepare as much as they like, but today there are so many cyber-attack vectors that it’s virtually impossible to anticipate all of them. The most common types of attacks include malware, phishing, theft of credentials, Denial of Service (DoS) and web application vulnerabilities.

Where there’s a will, there’s a way. Businesses need to be prepared for any eventuality. Cyber security protection has traditionally meant investing in protecting a network and its assets; assuming you can avoid the worst. Yet as history is showing us, it’s now about how you respond and recover, on top of the traditional protective approaches. Our CTO Jason Edelstein explains.

The post Equifax Hones In On Cyber Security Holes appeared first on Sense of Security.

Australian organisations have fallen into the trap of being cybersecurity ‘box tickers’ as a result of commoditised penetration testing for risk audit purposes. Every year, businesses conduct the same test and get the same results. Whilst businesses fall into this lazy routine, cyber criminals are getting more sophisticated in their approach and the ways they break into networks. They are moving away from targeting systems they know go through rigorous testing, instead focusing on the master key that unlocks the door – us.

This is why, even for no other reason, businesses should go beyond box-ticking to actually thinking about where they are susceptible to attacks – whether through social engineering, physical breaches, mobile devices or IoT.

You can no longer just rely on the fact you’ve ticked boxes. By experiencing a simulated cyber-attack, you reveal a wider and deeper understanding of potential adversary options, including threat actor behaviours that may never have been previously considered, such as exploiting a partner’s or contractor’s network.

We spoke with Security Brief about how Australians have fallen into the trap of being cybersecurity “box tickers”.

The post Sense of Security talks red teaming, DevSecOps and “box ticking” appeared first on Sense of Security.

A lot of people are rushing these devices to market with little regard to implementing any security as part of them. There seems to be demand for consumers to connect almost any device to the Internet, even where it doesn’t make any sense. Hackers are using these as easy targets.

Risks from consumer devices are one thing but poorly designed medical devices – which are coming under fire as they are increasingly connected into what some call the Internet of Medical Things (IoMT) – can cause loss of confidential patient information and even put lives at risk.

Hospitals and other healthcare facilities are ripe targets for ransomware, DDoS attacks, and IoMT breaches.

Many of these organisations are producing products that are designed for mass deployments. There’s a lot more risk to these things than when they were traditionally disconnected. Any insecurities in those mass-market products could turn those things into zombie networks. The manufacturers we have dealt with are taking note of that, and are trying to build security into the design of the new products they are bringing to market.”

We sat down with CSO to discuss the IoT security vulnerabilities in Australian hospitals and how they can better protect themselves.

The post Medical consumer device makers are trying to improve IoT security appeared first on Sense of Security.

Following the incredible success of our Security Automation in DevOps Tutorials at Australian and regional conferences, we’re now offering as an extended two-day event at Black Hat Asia, Singapore, March 20-21, 2018.

For detailed information on this Tutorial, visit the Black Hat site to book in.

This two-day tutorial provides detailed technical advise on integrating security into DevOps environments by looking at opportunities at each stage of the development pipeline. The core focus is on automating repeatable security tasks allowing “low- hanging-fruit” issues to be remediated without human intervention.

The post Book Now for Black Hat Asia DevSecOps Training – 20-21 March 2018 appeared first on Sense of Security.

The post SOS appointed to supply contract LGP115 ITC Products, Services & Consulting appeared first on Sense of Security.

The post Appointed to Local Buy (Qld) – IT Specialist Consultancy Services appeared first on Sense of Security.