& Blogs
News & Blogs
August 6, 2020
Part 3: Analysing MedusaLocker ransomware
(Part 3 of 3) In this 3-part post, we share the tradecraft from an RDP brute force linked ransomware event (MedusaLocker) we responded to in June 2020. We cover the business ramifications of the attack, technical analysis and some advice based on attacks such as these. Continued from parts 1 and 2...
August 5, 2020
Part 2: Analysing MedusaLocker ransomware
(Part 2 of 3) In this 3-part post, we share the tradecraft from an RDP brute force linked ransomware event (MedusaLocker) we responded to in June 2020. We cover the business ramifications of the attack, technical analysis and some advice based on attacks such as these. Continued from part 1...
August 4, 2020
Part 1: Analysing MedusaLocker ransomware
In this 3-part post, we share the tradecraft from an RDP brute force linked ransomware event (MedusaLocker) we responded to in June 2020. We cover the business ramifications of the attack, technical analysis and some advice based on attacks such as these.
July 27, 2020
Cyber exploitation at scale: don't become a victim of remote access exploitation
Let’s face it – it’s been a tough period for remote access solutions, especially when we’re so dependent upon it. First, we had the myriad of SSL-VPN’s from the likes of Cisco, F5, Palo Alto, Cisco, Fortinet and Pulse Secure – going from being an enterprise security product to the worst nightmare for a security team overnight.
June 18, 2020
Mitigating remote working security risks
It's not just about the basics, there are new emerging threats and risks when it comes to shifting to more remote styles of working.
June 9, 2020
The demise of network security walls in the times of COVID-19
“Oh no, an on-premises SIEM” said no hacker, ever.
May 29, 2018
Privacy, security and the impact of GDPR in NZ
There have been plenty of privacy and security discussions about the potential reach and impact of GDPR in NZ. It may feel like privacy regulations in Europe are a distant concern to New Zealand companies, but the reality is that the security and privacy landscape is changing. Being left behind in the way that we treat critical business assets, like information, is no longer an option.
December 18, 2017
Artificial Intelligence (AI) and Cyber Security
Machine learning is a type of artificial intelligence (AI) that provides computers – or in the case of Mr Burns, monkeys (see clip below) - with the ability to learn without being explicitly programmed. Computers use algorithms to learn from past data to predict what may happen (predictive analysis), and can adapt when exposed to new data.
August 14, 2017
Cyber Security: targeting
“Only amateurs attack machines, professionals target people” Bruce Schneier
June 29, 2017
Cyber Security: attack surface
In my last post I discussed some of the wider aspects of cyber security in an attempt to abstract the discussion from pure IT security. This time around I thought it would be helpful to delve into a couple of concepts that make it easier to focus our limited defences rather than trying to defend against all the threats all of the time. Cyber defence is a zero-sum game and time spent doing one thing means it can’t be spent doing something else.