News // Cyber Security

Alcorn Group Cyber Security News

  • CiscPwn: Hiding the intruder in plain sight.     //    
  • CiscPwn: Hiding the intruder in plain sight. image

    Innovation is at the heart of hacking. The hacker’s mindset needs to consider how common items may be manipulated to provide any advantage, whether that’s looking at online presence or finding ways to physically infiltrate an organisation.

    Introducing Josh R. - Operations Manager at Alcorn Group, hacker, and innovator, whose customised modification to Cisco phone hardware is assisting our consultants in the field. We call it CiscPwn.

    A.G.: What are we looking at, what is this phone device and what can it do?

    Josh: We often use devices “implanted” at client networks in order to maintain access. This is a functional computer with hacking tools ready for us to connect remotely and run attacks. We custom made this for a job; the basic build was done in under a day. Since then we’ve added improvements. Typically we’ll build a device for a specific job if needed, then add new features and improvements when we think of them.

    A.G.: Why did you choose a phone for the basis of this hardware?

    Josh: Lots of spare room, and it fits in at most meeting rooms or desks without raising too many eyebrows. The phone is fully functional, but because it would need to be configured for the PBX at the target, we typically hang the phone on the loading screen so it looks like it’s frozen.

    A.G.: Was it difficult to place the device on the site?

    Josh: Very easy! When the device looks like it fits in, then it’s normally a matter of plugging it in. We snuck it into a network and used it to maintain remote access. It was very successful.

    A.G.: You recently gave a presentation about this device, tell us about that.

    Josh: I gave a presentation on Red Team techniques, how to get in the mindset of an attacker. Which for us often comes down to low risk and high success rates. These devices are low risk because they’re difficult to trace, and once we have one implanted there’s a good chance we’ll be able to compromise the network.

    A.G.: Are there changes you’d like to make for the next version?

    Josh: We have a few improvements to detect tampering and more… but let’s not give it all away.

    A.G.: Will Alcorn Group be doing more hardware like this one?

    Josh: We have a number of other purpose-built devices already, and whenever we see the need or have an opportunity we add to the list. We can make custom gear for an engagement for sure.

    A.G.: What advice do you have for businesses on protecting themselves from hardware like this one?

    Josh: Port security and a good asset management policy are key. Asset management and an easy way to identify legitimate items is incredibly important.

    A.G.: If someone finds a suspicious piece of hardware like this one on their business premises, who should they contact?

    Josh: Ahh, well, roll incident response. …(Have) a good IR plan.

    Incident response is a vital piece of the puzzle when safeguarding your systems against intruders. Alcorn Group offer a range of incident response services to fill your needs, ranging from assistance in preparing your IR strategies, determining which areas of your business may require extra attention, or helping you recover in the aftermath of an incident.

    Call our consultants today on 1300 368 806.

    Contact Us

  • read more
  • Alcorn Group named as a finalist in AISA Awards 2018     //    
  • Alcorn Group named as a finalist in AISA Awards 2018 image

    Alcorn Group is proud to be named a finalist for the AISA Awards 2018 in the Cyber Security SMB Employer of the Year category.

    The Australian Information Security Association (AISA) has been running its annual awards program since 2012 to recognise and promote excellence, innovation, and professionalism within Information Security by individuals, projects, and organisations.

    This category honours organisations with less than 1000 employees who have helped engage the general community and other businesses to promote and improve cyber security capabilities and maturity in the sector.

    Voting closes at midnight on Thursday 27 September 2018, and winners will be announced at the Australian Cyber Conference on 10 October 2018.

    See the Finalists here

    Contact Us

  • read more
  • Alcorn Group at Barefoot Bowls     //    
  • Alcorn Group at Barefoot Bowls image

    The Alcorn Group team took to the green at the Merthyr Bowls club this week.

    Finger-food was provided for the hungry crew, which all agreed was quite tasty (including the magpie who came to snack while we were playing). Then, breaking into four groups across two lanes, we faced off against each other to see who was the best at rolling balls in a curved line to deliberately miss the things we were aiming at. Which of us could have foreseen that the balls would roll so far, or so askew?

    The competition was fierce, with light-hearted heckling to be heard throughout the match. Strategy became key, and at some points players would engage in the meta-game, rolling their ball into blocking positions for the adjoining game, thereby disrupting potential future combatants.

    Reece’s Rockin’ Rollers proved strong against Harvey’s Hackers, but Dook’s Divas took the day, finishing off against Kleidon’s Klassics. A great day was had by all.

    Contact Us

  • read more
  • Effective Security for Smaller Organisations     //    
  • Effective Security for Smaller Organisations image

    The need for effective security is not just limited to large organisations. Smaller organisations equally need to consider the importance of the information they hold, and the impact to their business and customers if this information fell into the wrong hands or was no longer available.

    While there are many best practice standards available to guide good security implementation, their relevance and ability to be applied in smaller organisations may not be clear. This can make it difficult for smaller organisations to determine the scope and extent of security controls that they can practically implement, and whether they have the internal capability to do so.

    As highlighted in a recent podcast interview with AEMO’s Chief Security Officer, Tim Daly, standards like the NIST Cybersecurity Framework are available for organisations of all sizes to use. The interview also highlighted partnering with a service provider for assistance where internal expertise may not be available.

    How can the NIST framework help? While comprehensive and detailed in nature, the framework still offers a good model for smaller organisations to adopt, being based around a lifecycle approach to cybersecurity-related risk. It aims to guide organisations to:

    • Identify the information and services that are important to the organisation
    • Protect those important assets through proactively identifying and implementing appropriate security measures at a level appropriate for the organisation
    • Detect malicious or unauthorised activities that could put the organisation’s information and services at risk
    • Respond to those activities effectively to minimise any impacts
    • Recover any impacted information or services in a planned, timely and effective manner.

    Still not sure where to start and what to do? Alcorn Group can work with your organisation to perform a NIST capability and gap assessment to help determine your organisation’s current security posture. We can also provide recommendations on appropriate cybersecurity measures to address any gaps and guide you on their implementation. These activities together will help your organisation achieve the first two stages of the NIST framework – “Identify” and “Protect”.

    Do you need a trusted partner to perform those ongoing security functions that your organisation does not have the internal capability to deliver? Alcorn Group can tailor a managed security service to fit your organisation’s needs. From effectively planning for and responding to cybersecurity incidents, through to assisting with returning impacted services to normal operations, our managed security service solutions will help your organisation achieve the final three phases of the NIST framework – “Detect”, “Respond” and “Recover”.

    Contact Us

  • read more
  • Regulatory Requirement for Aviation Security Identification Card (ASIC) Issuing Bodies     //    
  • Regulatory Requirement for Aviation Security Identification Card (ASIC) Issuing Bodies image

    The Aviation Transport Security Regulations 2005 require issuers of ASICs (“Issuing Bodies” or “IBs”) to establish and implement a program of procedures to ensure they perform functions and exercise powers in an appropriately secure manner. Recent regulatory oversight has highlighted the need to ensure these procedures adequately address how electronic information about ASICs and ASIC applications is handled and stored.

    Alcorn Group suggest that IBs ensure that their systems that contain or host ASIC information meet the ACSC Essential Eight and OWASP Top 10 requirements. Alcorn Group also suggest that IBs audit their procedures annually to ensure ongoing compliance. As a CREST certified organisation, Alcorn Group can assist IBs by independently assessing their systems’ compliance through:

    • conducting assessments against the ACSC “Essential Eight” mitigation strategies
    • performing OWASP “Top 10” assessments and penetration tests of web applications
    • assessing and testing other procedures in the IB’s ASIC program.

    Alcorn Group can work with IBs to develop an annual independent assessment and testing program that meets the IB’s regulatory obligations, with engagements scheduled throughout the year, and as part of a multi-year program if desired.

    Contact Us

  • read more
  • Third Party Security Assessments Now Offered by Alcorn Group     //    
  • Third Party Security Assessments Now Offered by Alcorn Group image

    Due to demand from our clients and the recent release of APRA Draft CPS 234 we are very pleased to announce that we now offer Third Party Security Assessments to meet the needs of your business. See below for more information about TPA’s or contact us.

    Our Service

    To assist in meeting corporate, customer and regulatory obligations, Alcorn Group can conduct third-party security assessments on behalf of your organisation. These assessments are in questionnaire format and are aligned to recognised industry standards for information security.

    Alcorn Group will work with you to conduct the assessments of your nominated third party service providers via your organisation’s nominated contact. Third-party responses will be assessed based on information and evidence provided. Assessment results will be reported back your organisation with areas of concern highlighted for further consideration and remediation tracking.

    Our approach ensures a consistent and reliable means of gaining visibility over third-party information security controls while freeing up your internal resources to focus on other important activities. Packaged with our other security services, this service will assist in providing greater independent assurance over your organisation’s security posture and management of third-party risk.

    Contact Us

  • read more
  • Release of OAIC Notifiable Data Breaches Quarterly Report (April - June 2018)     //    
  • Release of OAIC Notifiable Data Breaches Quarterly Report (April - June 2018) image

    The Office of the Australian Information Commissioner (OAIC) has released its first full quarterly report of statistics on notifiable data breaches reported during the April to June 2018 period. Key results highlight that of the 242 breach notifications reported:

    • 142 (or 59%) were attributed to malicious or criminal attacks, of which 97 were cyber incidents.
    • Of the 97 cyber incidents reported, the majority were attributed to compromised credentials resulting from phishing, brute-force attacks, or by unknown methods.

    Organisations can better protect the personal information they hold through establishing a regular program of security assessment and testing to identify and remediate vulnerable targets before they are compromised. Alcorn Group specialises in performing vulnerability assessments and penetration testing, which combined with our other services such as red teaming and threat and risk assessments, can provide a broad and effective means to assist with mitigating the risk of data breaches.

    Contact Us

  • read more
  • Alcorn Group Sponsors Appsecday 2018     //    
  • Alcorn Group Sponsors Appsecday 2018 image

    Alcorn Group is proud to be sponsoring AppSec Day - Brought to you by the Open Web Application Security Project (OWASP) Foundation

    “AppSec Day is Australia’s only conference dedicated entirely to application security. Aimed at providing a welcoming environment for developers, testers, devops engineers and security professionals alike. To improve their application security knowledge, skills and to network with other like minded professionals. With a day filled with talks, hands on workshops and panel sessions to learn all things application security.”

    Appsec Day is a fantastic event where you can immerse yourself in great talks, network with other security-minded professionals and attend hands-on workshops all in the same great location - RMIT University in Melbourne

    Join us on October 19th 2018

    Contact Us

  • read more
  • Draft APRA Prudential Standard CPS 234 on Information Security     //    
  • Draft APRA Prudential Standard CPS 234 on Information Security image

    In response to the increasing frequency, sophistication and impact of information security attacks, in March 2018, APRA released draft Prudential Standard CPS 234 on Information Security. The proposed standard will require regulated entities to ensure they have effective security controls in place to protect against and respond to such attacks.

    Australian regulated entities impacted by the proposed new standard are banks, building societies credit unions, life and general insurance and reinsurance companies, private health insurers, friendly societies and superannuation funds (excluding self-managed funds). The standard broadly covers the following areas that regulated entities will need to address:

    • Information security roles and responsibilities
    • Information security capability and policy framework
    • Information assets and controls, including incident management
    • Controls testing and internal audit
    • APRA notifications

    The consultation period closed in June 2018, and it is expected that the final version of the standard will be released in late 2018. The proposed effective date for the new standard is 1 July 2019.

    In preparation, regulated entities will need to assess their current information security control environment, identify any gaps, and develop and execute action plans to address any shortfalls. With its broad scope of security services, Alcorn Group can assist organisations with performing these assessments, as well as provide ongoing support for meeting the new requirements beyond the proposed effective date.

    Contact Us

  • read more
  • Creating Secure Passwords     //    
  • Creating Secure Passwords image

    With the enormous number of passwords we require in our day to day lives, it’s no wonder that people reuse them across multiple sites, or use the minimum complexity they can get away with. How does anyone store that many complex passwords in their head all at once?

    A good password is hard to guess but easy to remember. It has uppercase letters and lowercase letters, numbers, special characters, and it is long. It doesn’t include any personal information.

    This scares a lot of people, but it doesn’t have to look like this:

    .\^>s]rok?JA?}uv”BL~

    On the other hand, it shouldn’t look like this:

    Tigger123!

    Instead, there is another method of creating a good password, called a passphrase. It has uppercase letters and lowercase letters, numbers, special characters, and it is long.

    It looks something like this:

    The phone sits next to 3 keys. It is on the desk!

    Not all password fields will allow spaces; this can be alleviated by using a different character instead of a space.

    For example, if I replace the space with the letter z:

    Thezphonezsitsznextztoz3zkeys.zItziszonzthezdesk!

    A passphrase gains complexity with each element that is included in it, but it remains easy for a human brain to recall. It’s also easier to input without errors than the original complex password shown.

    But the program says my password is too long!

    Sentences are wonderful things. They vary in length. If the program or website that you’re constructing a password for doesn’t allow a lengthy password, choose a shorter one. Shorter sentences can be memorable, while still having complexity. It’s preferable to aim for the upper margins of what’s allowed, rather than the lower margins. If the program allows for a password of 4-14 characters, choose 14 characters rather than 4, such as in this example:

    JumpUp,2frogs!

    So why can’t I use this great password everywhere?

    It’s important to avoid reusing passwords. Not every organisation will safely store your password, and if you’ve reused passwords and one site gets breached, this can then mean that other sites you use are also affected.

    Are there bad passphrases?

    Not all passphrases are good to use as passwords. Book or song titles, song lyrics, or commonly known quotes may be present in password dictionaries. However, creating a unique sentence about the things around you will ensure that you’re not treading the same territory that hackers have already covered.

    Meanwhile, you can check if your account has been breached by searching at https://haveibeenpwned.com/. This handy service will allow you to see what the breach was, when your account was breached, whether your details were pasted anywhere, and the source of the breach.

    Contact Us

  • read more
  • Alcorn Group at Whisky Live 2018     //    
  • Alcorn Group at Whisky Live 2018 image

    It’s that time of year again - the time to taste some fantastic whiskys at Whisky Live.

    With a range of fine spirits on offer, as well as plenty of distiller histories being told it was a tasty and informative evening.

    Particularly popular were the Peaty Whiskys such as Octomore By Bruichladdich and Talisker’s Entire Range as well as the fantastic King’s Ginger

    Contact Us

  • read more
  • Alcorn Group and the Room of Many Escapes     //    
  • Alcorn Group and the Room of Many Escapes image

    Alcorn Group the Sleuth Master Extraordinaires visited the Brisbane Escape Hunt for an afternoon of fun and mystery.

    All teams succeeded, with minimal hacks involved.

    Contact Us

  • read more
  • Hacking Windows Domains     //    
  • Hacking Windows Domains image

    Sydney’s newest go-to security industry conference, PlatypusCon, took place on Sat 24th September. Targeted at infosec enthusiasts of all capabilities and experience, this year’s event took on a fresh approach to conferencing - holding interactive workshops instead of talks, whereby attendees could try their hands at breaking and entering, capturing flags, hacking drones and fuzzing!

    Alcorn Group’s managing consultant Lukasz Gogolkiewicz had the pleasure of demonstrating to his 50-strong audience the art of hacking Windows domains. Lukasz’s workshop took attendees on a journey of network service enumeration to identify vulnerabilities, and if possible, establish a foothold on the network. From there, it was a flag capturing mission for points via privilege escalation techniques, domain controller attacks such as password extraction and exploiting misconfigurations in service permissions.

    The workshop was received well by the attendees and the opportunity for Alcorn Group to share some of the more intimate techniques behind Windows hacking was appreciated. Keep an eye out on our twitter feed and website for more information on upcoming workshops and training sessions on hacking Windows domains and web applications.

  • read more
  • Oceana CACS Conference     //    
  • Oceana CACS Conference image

    This year’s Oceania CACS conference is being held on the Gold Coast from September 11 -13. Run by ISACA, this is the premier event in our region for IS Governance, IS Security and IS Assurance professionals.

    Alcorn Group’s founder and managing director will be presenting on Monday September 12 at 11:00am with Mayus Nath, Director of QLD Audit Office. With the theme of this year’s conference being ‘Governance, Empower, Protect’ Mayus and Wade will present to the audience their thoughts on empowering the use of new technologies by understanding attacks on Critical Infrastructure with Advanced Persistent Threats (APT’s).

    With information technology becoming more and more pervasive, not only in enterprises but also in social and public settings, organisations need to embrace new technologies, including Internet of Things in order to enter the market and be competitive. However, until recently, protection has been focussed on information system. Wade and Mayus will discuss how organisations need to take a broader view now days, incorporating multiple technologies when designing and implementing security. They’ll also take a closer look at why browsers are involved in so many advanced persistence threats (APTs). Attendees will learn more about how web browsers within organisations provide opportunities for attackers.

    The program of speakers for this year’s conference should ensure informative and insightful sessions for all attendees. For more information on the 2016 Oceania CACS click here

    If you would like more information on Alcorn Group’s contribution to this year’s event or have any general inquiries please contact us here.

  • read more
  • Future of Work Security Panel     //    
  • Future of Work Security Panel image

    This week Alcorn Group’s founder and managing director Wade Alcorn had the pleasure of joining a panel of security experts in a discussion on the importance of security in collaborative cloud environments at the inaugural Redeye Future of Work (FoW) conference.

    The FoW 2016 program was packed with informative sessions and keynotes from some of the Technology industry’s greatest contributors including Brisbane City’s Chief Digital Officer Cat Matson and Snowy Hydro CIO John McGagh.

    An excellent opportunity for business owners and enterprise leaders to learn more about innovative technologies, successful business transformation, big data, insights and creating value was provided and it was a great pleasure for Alcorn Group to be part of the mix providing input from an information security standpoint. If you’d like more information regarding what security insights and considerations your organisation should be discussing don’t hesitate to contact Alcorn Group here.

  • read more
  • Alcorn Group on 'The Weekly'     //    
  • Alcorn Group on 'The Weekly' image

    Our managing director Wade Alcorn featured on Charlie Pickering’s The Weekly last week. A tongue in cheek look at “big data” had Charlie disagreeing with Wade’s assessment of most privacy data T&Cs. As Wade noted “…you practically need a legal degree to understand them”, to which Charlie quipped that he HAS a legal degree and still can’t understand them! We here at Alcorn Group are big fans of “The Weekly” and were quite chuffed to feature!!

    You can watch are no longer able to watch the segment here

    Contact Us

  • read more
  • ACSC & Blockchain Security     //    
  • ACSC & Blockchain Security image

    Our Managing Director will be presenting in Canberra at the Australian Cyber Security Center Conference this week on all things Blockchain. Wade will delve into Bitcoin, Ripple, Ethereum and the implications of Blockchain for business and for law enforcement. Blockchain technology may be set to change the course of how the world does business - but who can honestly say they understand it? In this [presentation](http://acsc2016.com.au/program/?IntCatId=27&IntContId=7741#bitcoin, Wade will take the audience on an entertaining journey of discovery to build an understanding of this technology - what it is, who is using it, and why it may well be the biggest influence on humanity since the internet.

    Contact Us

  • read more
  • ACSC & Blockchain Security     //    
  • ACSC & Blockchain Security image

    Wade Alcorn is presenting at the Spatial Industries Business Association on Bitcoin, blockchains and digital currencies? What are they and where can we use them? The pros and cons of Ripple verse Bitcoin will be explored.

    https://www.spatialbusiness.org/

    Contact Us

  • read more
  • Blockchain as a Service     //    
  • Blockchain as a Service image

    Microsoft and ConsenSys partnered back in October 2015 to offer Ethereum Blockchain as a Service (EBaaS) on Microsoft Azure so Enterprise clients and developers could have a single click cloud based blockchain developer environment. The initial offering contained two tools that allow for the development of SmartContract based applications:

    • Ether.Camp - An integrated developer environment
    • BlockApps - a private, semi-private Ethereum blockchain environment.

    Everyone, particularly Financial Services, is interested in Blockchain technology. While a platform like Bitcoin has many great uses specifically as a Cryptocurrency, Ethereum provides the flexibility and extensibility many customers are looking for.

    In Financial Services, Blockchain is a major disruptor to some of their core businesses, and FinTech companies are driving innovation in this space. Ethereum is open, flexible can be customized to meet customer needs allowing them to innovate and provide new services and distributed applications or Đapps.

    Ethereum enables SmartContracts and Distributed Applications (ĐApps) to be built, potentially cutting out the middleman in many industry scenarios streamlining processes like settlement. But that is just scratching the surface of what can be done when you mix the cryptographic security and reliability of the Blockchain with a Turing complete programming language included in Ethereum.

    “Ethereum Blockchain as a Service” allows for financial services customers and partners to play, learn, and fail at a low cost in a ready-made dev/test/production environment. It will allow them to create private, public and consortium based Blockchain environments using industry leading frameworks, distributing their Blockchain products with Azure’s distributed (private) platform.

    Contact Us

  • read more
  • Wade Alcorn delivers keynote at BrisSEC Aisa     //    
  • Wade Alcorn delivers keynote at BrisSEC Aisa image

    Our Managing Director, Wade Alcorn, will be delivering a keynote Presentation at BrisSec on March 11th, 2016. Taking the perspective of an adversarial APT team, Wade will take you on a journey of the thought process behind hacking a browser to exploit your organisation.

    It promises to be an entertaining ride!

    https://www.aisa.org.au/aisa-conferences/brissec-2016/agenda/

    Contact Us

  • read more
  • ASX and the Blockchain     //    
  • ASX and the Blockchain image

    The Australian Stock Exchange (ASX) has announced that it has selected US-based firm Digital Asset Holdings to develop solutions for the Australian market utilising Distributed Ledger Technology. This may be able to significantly simplify and speed-up post-trade processing. For ASX clients this could reduce back-office administration and compliance costs, while investors could experience significantly faster settlement of equity transactions – potentially in near real-time.

    Adoption of Distributed Ledger Technology has the potential to stimulate greater innovation by ASX and third parties to develop new services for intermediaries, end-investors and listed companies. This would create a more competitive marketplace across a broad range of services.

    Contact Us

  • read more
  • Australian Government Cyber Security Review     //    
  • Australian Government Cyber Security Review image

    Here at Alcorn Group we are eagerly awaiting the release of the 2016 Australian Government Cyber Security Review. The issue of cyber security is one of national importance and affects every Australian citizen, and certainly every Australian business. Some estimates put the direct cost of cyber-crime to Australia a more than $1 billion a year and this seems to be on the conservative side.

    There are some great initiatives already including the Australian Information Security Association (AISA) and CREST Australia. The Cyber Security Review will be a clear direction from the federal government and a very much needed clarity. The announcement of funding through to 2019-20 to establish an industry led Cyber Security Centre highlights the government’s efforts to prioritise the area of cybersecurity, and to move towards working more closely with industry, businesses and researchers.

    It will be interesting to see how this Security Review evolves and as a wholly Australian owned cyber security company, we are keen to see engagement with Australian industry at a real level. We would like to see initiatives particularly around addressing the skills shortage within the industry that we see at the moment. Our managing director has long been banging on this drum and has been involved in several initiatives to lead Australia’s up-skilling in this area. How government can support Australian businesses to improve their resilience and understanding of cyber threats will also be an area of particular interest. We stay tuned!

    Contact Us

  • read more
  • Alcorn Group presents at Infrastructure Saturday     //    
  • Alcorn Group presents at Infrastructure Saturday image

    Our Managing Director Wade Alcorn presented to a keen bunch of professionals at Brisbane’s “Infrastructure Saturday” on November 21st. Interest certainly seems to be growing around Bitcoin, Ripple the Blockchain and Etherium. There were lots of interesting questions and stimulating discussion. Thanks to Just People’s Adam Broadbent. Of course, a big thanks to Alan Burchill and his team for hosting the day too.

    Contact Us

  • read more
  • Bitcoin User Group session was a huge success     //    
  • Bitcoin User Group session was a huge success image

    Our MD Wade Alcorn had the pleasure of presenting to the Brisbane Cloud User Group on 5th November. Wade discussed BitCoin, Banking with Ripple, The Blockchain, and the brave new frontier of Etherium. Big thanks to Just People’s Adam Broadbent and Brisbane Cloud Group for facilitating the evening https://bnehyperv.wordpress.com.

    If you missed the session, why not come along to Wade’s next presentation which will be at “Infrastructure Saturday” in Brisbane on November 21st: http://www.infrastructuresaturday.org

    Contact Us

  • read more
  • Cracking the Mac Security Myth     //    
  • Cracking the Mac Security Myth image

    Wade Alcorn is among a few security bods having a discussion in this insightful article on crn.com.au. Always interesting to explore the assumptions and myths around security and branding that are out there. As Wade states in the article: “The bad guys go where the money is”, so will we be seeing more and more attacks on Macs in the future?

    More details here: Cracking the Mac security myth - CRN

    Contact Us

  • read more
  • Security and Artificial Intelligence     //    
  • Security and Artificial Intelligence image

    Wade Alcorn recently had the pleasure of presenting to some security folk at an Australian Information Security Association (AISA) Adelaide event. Wade spoke about a topic of increasing interest within the media, and within the security world: security, artificial intelligence and big ideas.

    Wade gave an entertaining and thought provoking talk on both the potential and real security implications of AI. We at Alcorn Group say - watch this space. This isn’t the last you have heard from security and artificial intelligence!

    More details here: AISA National

    Contact Us

  • read more
  • XSS Virus a Decade On     //    
  • XSS Virus a Decade On image

    AG’s Managing Director recently took a trip down memory lane with the register’s Darren Pauli. It’s been ten years since Wade publicly demonstrated that cross site scripting vulnerabilities could be used to construct a virus.

    More details here: The Register

    Contact Us

  • read more
  • Leak of Personal Details of Defence Employees     //    
  • Leak of Personal Details of Defence Employees image

    Alcorn Group’s Managing Director speaks to the ABC’s Brendan Trembath on the AM current affairs program about what’s believed to be the personal phone numbers, email addresses and computer passwords of US and Australian defence employees that have been published online.

    Full story here: Article

    Contact Us

  • read more
  • Cybersecurity: The New Due Diligence     //    
  • Cybersecurity: The New Due Diligence image

    We came across this report recently and really liked the main gist. When considering a merger or acquisition with any new company, cybersecurity is fast becoming no longer an afterthought, but a very important part of due diligence. Alcorn Group is highly skilled in providing visibility into the risks and threats any company may face.

    Full story here: Article

    Contact Us

  • read more
  • AusCERT Pre-Conference Presentation     //    
  • AusCERT Pre-Conference Presentation image

    Wade Alcorn will be presenting at an AUSCert pre-conference session on Tuesday (2nd June 2015). Wade will be diving into the exciting area of BitCoin, the BlockChain, Smart Contracts and the future of the security of these technologies.

    Full story here: Conference Detail

    Contact Us

  • read more
  • Internet of Hackable Things     //    
  • Internet of Hackable Things image

    Check out this Sydney Morning Herald article exploring a few different cyber topics that are capturing the media’s attention at the moment. Wade Alcorn was interviewed for the article, particularly around the hot off the press 2015 ACC Report into Organised Crime.

    Full story here: Internet of hackable things: wired world wide open to new age of cyber crime

    Contact Us

  • read more
  • Telstra's Pacnet Breach     //    
  • Telstra's Pacnet Breach image

    We had a chat to Bloomberg’s David Fickling about the recent brouhaha with Telstra’s Pacnet. There’s always a spike in the interest about the who? and how? after these kinds of high profile attacks.

    Another timely reminder for all businesses that your cyber security is really a prime concern for your shareholders - Telstra’s shares dropped 9 cents when this incident was announced.

    Full story here: Hackers Exposed Government Data in Breach of Telstra’s Pacnet

    Contact Us

  • read more
  • The Australian Crime Commission 2015 Organised Crime Report     //    
  • The Australian Crime Commission 2015 Organised Crime Report image

    If you have a spare half hour, make yourself a coffee and have a read through the 2015 ACC Report on Organised Crime in Australia. It makes for an interesting, if not daunting, read. The main things we took away from the report from our perspective.

    1. Cybercrime ain’t going away any time soon and is becoming an increasingly significant factor in many aspects of organized crime

    2. The report extrapolates the cost of cybercrime to Australians this year will be over $936 million.

    And this is based only on ACORN self reporting of small-medium businesses, so the report acknowledges this is likely to be an underestimation. We would agree with that- many businesses avoid self reporting, and we all know that cybercrime certainly targets large businesses and government agencies as well, sometimes with devastating impacts. So let’s face it – we are looking at a conservative estimate of over 1 billion dollars this year.

    Organised Crime in Australia 2015 report

    Contact Us

  • read more
  • Cyber Attacks on Australian Businesses Rose 20pc Last Year     //    
  • Cyber Attacks on Australian Businesses Rose 20pc Last Year image

    Wade Alcorn chats to ABC’s “The Business” about cyber threats to Australian businesses. “…finance has been facing cyber threats for quite a long time now - it’s one of the most strongly positioned industries in Australia…” You can see the full story here: ABC News Story - Cyber attacks on Australian businesses rose 20pc last year

    Contact Us

  • read more
  • Presentation at ACSC Conference: Security of Browsers - Why are APTs successful?     //    
  • Presentation at ACSC Conference: Security of Browsers - Why are APTs successful? image

    At the Australian Cyber Security Center Conference Wade Alcorn presented an entertaining and insightful take on APTs and web browser security in Australia today.

    The presentation description was “Why are browsers involved in many APTs? In this presentation you will learn how the web browsers in your organisation provide an opportunity for an attacker. You will explore and understand how they provide a great return of investment for your adversaries. You know them, you love them but how far can you trust them?”

    Standing room only!

    More details here: ACSC Speaker Details

    Contact Us

  • read more
  • Alcorn Group Leads AISA Web Hacking Workshop     //    
  • Alcorn Group Leads AISA Web Hacking Workshop image

    Alcorn Group leads a very popular Hacking Workshop at AISA. Today Wade led a popular browser hacking workshop in Brisbane. Always rewarding presenting to a local crowd!

    More details here: AISA BrisSec Speakers

    Contact Us

  • read more
  • Crypto App Uses Single-byte XOR     //    
  • Crypto App Uses Single-byte XOR image

    Our Managing Director comments on encryption… “Encryption is hard, very hard! … This goes to re-emphasise one of the golden rules of secure development: do not create your own cryptographic functions.”

    Read the full article: The Register

    Contact Us

  • read more
  • How Much Do We Value Our Privacy?     //    
  • How Much Do We Value Our Privacy? image

    Managing Director Wade Alcorn featured in an interesting Lateline story around privacy and personal data. Check out the social experiment in the café- what happens when people start acting like apps? Are we so ready to give away our personal data when it is face to face?

    More details here: ABC Interview

    Contact Us

  • read more