• Home
  • Services
    • Managed Detection and Response
    • Security Assessment
    • Phishing Assessment
    • Vulnerability Management
    • CISO as a Service
    • Penetration Testing
    • Outside-in-Security
    • Inside-Out-Security
    • Security Audit
    • Static Code Analysis
  • Insights
  • About Us
    • Careers
    • Contact Us
Menu
  • Home
  • Services
    • Managed Detection and Response
    • Security Assessment
    • Phishing Assessment
    • Vulnerability Management
    • CISO as a Service
    • Penetration Testing
    • Outside-in-Security
    • Inside-Out-Security
    • Security Audit
    • Static Code Analysis
  • Insights
  • About Us
    • Careers
    • Contact Us
Phone-alt Linkedin

Blogs

Common Vulnerabilities and Exposures – October 2022

Critical Zoho ManageEngine RCE Vulnerability On the 22nd September 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical unauthenticated Remote Code Execution

Read More »
October 7, 2022

Hacks – October 2022

September saw a significant number of cyber breaches with Uber, Rockstar Games and Optus all impacted within a week. The attack methods observed in these

Read More »
October 7, 2022

Protecting your data – The CIA Triad – Part One: Confidentiality

Understanding the CIA Triad of Information Security – Part One: Confidentiality The modern business landscape continues to evolve each and every day, meaning it’s never

Read More »
September 27, 2022

Partner News – Check Point Harmony Offer

Email Security   It’s hard to believe – but most organisations are still seeing unwanted, potentially malicious emails in their inboxes. The reasons for this are

Read More »
June 1, 2022

AusCERT 2022

The AusCERT Conference is the oldest information security conference in Australia. The event’s theme this year was…. Rethink, Reskill, Reboot….which provided a great conversation starter

Read More »
May 31, 2022

Hacks – May 2022 – Follina Zero Day Vulnerability

Tips and Tricks to mitigate and prevent “Follina”: Turn off the preview pane in file explorer and Microsoft Outlook. File explorer – go to the

Read More »
May 31, 2022

Common Vulnerabilities and Exposures May 2022 – Follina Zero Day Vulnerability

A new zero-day vulnerability affecting office applications, dubbed “Follina”, has been discovered in the past few days. This vulnerability functions as a “zero click” remote

Read More »
May 31, 2022

Supply Chain Risk Management

Gone are the days when enterprise and business assets are secured behind a perimeter of layered security controls. Technology advancement and the boundless need to

Read More »
May 31, 2022

Partner News – Check Point Harmony offer

Email Security It’s hard to believe – but most organisations are still seeing unwanted, potentially malicious emails in their inboxes. The reasons for this are

Read More »
May 1, 2022

Cyber Security Risk in your Supply Chain

Sensitive information is exchanged in the course of you consuming goods and services to conduct your business.  That exchange is increasing in volume and frequency

Read More »
April 29, 2022

Common Vulnerabilities and Exposures – CVE-2022-22954 VMware Workspace ONE Access and Identity Manager

CVE-2022-22954 VMware Workspace ONE Access and Identity Manager –  remote code execution vulnerability VMware Workspace ONE Access and identity Manager has been affected by a

Read More »
April 29, 2022

Hacks – Examples of major Supply Chain attacks

Supply chain attacks occur when a third-party provider of software or hardware is exploited and attackers use this to further infiltrate customers of these providers.

Read More »
April 29, 2022

Polkit Vulnerability CVE-2021-4034 (Local privilege escalation vulnerability)

On Tuesday (25 January 2022), Qualys announced a local privilege escalation vulnerability (CVE-2021-4034) affecting several distributions of Linux such as Fedora, Debian, Ubuntu, CentOS and

Read More »
March 30, 2022

Hacks – Keep your Operating System safe

TIPS TO KEEP YOUR OPERATING SYSTEM SAFE Apple and Microsoft take great care in providing a safe and secure operating system for you to use

Read More »
March 25, 2022

Common Vulnerabilities and Exposures

CVE-2022-24460 – Tablet Windows User Interface Application Elevation of Privilege Vulnerability Released: 8/3/2022 Severity: High   Description: An exploit was discovered in Microsoft Windows 10,

Read More »
March 25, 2022

Standard Operating Environment (SOE) traps to avoid

Deviations from the norm – Standard Operating Environment (SOE) traps to avoid In the numerous security assessment audits and incident response activities that the Brace168

Read More »
March 25, 2022

March 2022 Okta LAPSUS$ security incident

At 2:09pm on the 22nd of March 2022 (AEDT), the advanced persistent threat actor (APT) group “LAPSUS$” released screenshots and claims, on the encrypted messaging

Read More »
March 23, 2022

Check Point Harmony Authentication

As we continue to work remotely and consume key business resources as services – the shared responsibility model for these externalised services demands strong and

Read More »
February 28, 2022

Hacks – Wiper Malware

The wiper is one of the more damaging malwares whose purpose is to wipe the computer’s hard drive, when it attacks. The first instances of

Read More »
February 28, 2022

Common Vulnerabilities and Exposures

CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability Description: The exploit works by spraying an IIS server via several large GET HTTP requests and finishes

Read More »
February 28, 2022

Encryption

Cryptography involves turning plaintext into ciphertext (encryption) and then turning ciphertext into plaintext (decryption). Data encryption protects confidentiality and safeguards data integrity. A cryptographic system

Read More »
February 25, 2022

Authentication

In Identity Management, the letters AAA stands for Authentication, Authorisation and Accounting. Authentication proves the person’s identity, software application, or technology asset accessing a resource.

Read More »
February 22, 2022

CVE-2022-23944: Apache ShenYu (incubating)

CVE-2022-23944: Apache ShenYu (incubating) Improper access control: Severity: Moderate Description: User can access /Plugin API without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

Read More »
January 31, 2022

Hacks – Authentication

Authentication is a prominent aspect of cyber security as it is end user facing and is generally the first step to access most systems. A

Read More »
January 31, 2022

Polkit Vulnerability CVE-2021-4034 (Local privilege escalation vulnerability)

On Tuesday (25 January 2022), Qualys announced a local privilege escalation vulnerability (CVE-2021-4034) affecting several distributions of Linux such as Fedora, Debian, Ubuntu, CentOS and

Read More »
January 31, 2022

Encryption

Encryption may be a topic that you give passing attention to in response to security advisories but otherwise little else. Rather than providing a summary

Read More »
January 31, 2022

Hacks – O365

Microsoft Office is one of the most widely used application suites in the world, but in 2020 there were over one thousand vulnerabilities identified, of

Read More »
December 20, 2021

Common Vulnerabilities and Exposures December 2021

CVE-2021-40444 – Microsoft HTML Remote Code Execution Vulnerability Remote code execution vulnerabilities are up there with some of the worst that a company can be

Read More »
December 20, 2021

Protect your Microsoft O365 tenant

An organisation’s Microsoft 365 tenant is susceptible to many external and insider threats when not properly configured. At every level of licensing there are at

Read More »
December 20, 2021

Log4j Vulnerability

Log4j continues to disrupt global festive season change freezes. On Friday (10 December 2021), NIST announced a remote code execution vulnerability (CVE-2021-44228) https://nvd.nist.gov/vuln/detail/CVE-2021-44228 in the

Read More »
December 20, 2021

Hacks – Azure Authentication

Credentials are the key to any system or application as they enable users to securely authenticate to a service and access resources or processes. Credentials

Read More »
November 30, 2021

Common Vulnerabilities and Exposures

CVE-2021-42321: Microsoft Exchange Server Remote Code Execution Vulnerability This is a post-authentication remote code execution vulnerability affecting on-premises Microsoft Exchange Server Exchange 2016 and 2019,

Read More »
November 30, 2021

Monitoring your Azure environment

A Security Incident Event Management system (SIEM) is a powerful tool used to both store and analyse billions of logs. At Brace168 we have implemented

Read More »
November 30, 2021

Common Vulnerabilities & Exposures October 2021

Vulnerability 1: 8.5 High – Palo Alto Networks Buffer Overflow Vulnerability Description: A stack-based buffer overflow vulnerability exists within the Palo Alto Networks GlobalProtect app

Read More »
October 28, 2021

Amazon Web Services (AWS) Cloud Solution

Covid-19 was a difficult time for all businesses. Its greatest impact was that it forced us to think outside the box and consider new solutions.

Read More »
October 28, 2021

Not For Profit

Cipherpoint and Brace168 are delighted to announce a relationship with Guide Dogs NSW/ACT.  Brace168, via its Next Gen Managed Detection and Response (MDR)  Security Operation

Read More »
October 5, 2021

Partner News – KnowBe4

Brace168 is pleased to partner with KnowBe4 to enhance our offering of security awareness training to our customers. KnowBe4 is the world’s largest integrated security

Read More »
October 5, 2021

The Value of Security Performance Reporting

Monthly Reporting Brace168 provides our managed incident response customers with monthly reports that break down the customer’s environment into several security performance measures including External

Read More »
October 5, 2021

Hacks

There are seemingly an infinite number of ways to compromise a system. An important premise of security is effort, increasing the effort hackers must take

Read More »
October 5, 2021

Common Vulnerabilities & Exposures

Vulnerability 1: DotCMS Remote Code Execution Vulnerability (10.0 Critical) Description: A Remote Code Execution (RCE) vulnerability exists within DotCMS v5.2.3. An RCE attack involves an

Read More »
October 5, 2021

Common Vulnerabilities and Exposures August 2021

Vulnerability 1: ManageEngine ADSelfService Plus CSV Injection Vulnerability (9.3 Critical)  Description: A CSV injection vulnerability lies within ManageEngine AD Self Service Plus system. A CSV

Read More »
August 30, 2021

Hacks August 2021

The first step of any cyber-attack involves an adversary performing reconnaissance activities to understand and gather information about their target’s environment. Commonly this involves performing

Read More »
August 23, 2021

Network Firewall

What do the castles of the past and networking devices have in common? Walls. However, as attacks became more sophisticated, it quickly became obvious that

Read More »
August 23, 2021

Partner Message Check Point 

“EDR has been a common TLA in the tech and cyber lexicon (thanks Gartner) for about 7 years, growing and evolving along the way –

Read More »
July 29, 2021

Endpoint Detection and Response

It is easy to get confused in the world of cybersecurity. There is an overabundance of jargon as everyone tries to sell a service rather

Read More »
July 21, 2021

Hacks – Cracking web-page authentication

Authentication pages – the first roadblock on a hacker’s route to getting access to your resources. Gone are the days of simply using a username

Read More »
July 21, 2021

Common Vulnerabilities & Exposures

Vulnerability 1: Printnightmare Windows Spooler Service (9.0 Critical) Description: The Windows Spooler Service (WSS) holds a Remote Code Execution vulnerability. The WSS is used to implement the

Read More »
July 21, 2021

Why is penetration testing important for your business

Do you believe your data is secure? Do you believe your IT infrastructure is safe? Are your web interfaces hardened? These are just a few

Read More »
June 30, 2021

Common Vulnerabilities & Exposures June 2021

Vulnerability 1: D-Link Insufficient Credential Protection (7.2 High) Description: D-Link is affected by a credential exposure vulnerability. Credential exposure allows an attacker the ability to

Read More »
June 30, 2021

Hacks – Android ADB Exploit

Smartphone devices are the most popular device in the world. Over 1.30 billion smartphones are shipped and sold every year and a further 1.32 billion

Read More »
June 30, 2021

Managed Detection & Response

As businesses continue to innovate and grow, so does the complexity of cyberattacks against them. We rely on technology and information systems to run our

Read More »
June 29, 2021

Brace168 News AusCERT Conference

What a week and what a thrill to be able to travel to the Gold Coast to be a part of and celebrate the 20th

Read More »
May 27, 2021

Hacks – Importance of configuration management

Hackers are smart and know a lot of simple tricks to get around the cybersecurity defences that companies spend a huge amount of dollars and

Read More »
May 27, 2021

Partner Message Checkpoint Breakfast

In partnership with Check Point we are very proud to have been a part of the Brace168 and Check Point executive cybersecurity breakfast and information

Read More »
May 27, 2021

News U.S Colonial Fuel Pipeline Ransomware Attack

Attackers tend to target major organisations like banks, software companies, vendors & financial firms. On May 7th Colonial Pipeline got attacked. A ransomware attack had

Read More »
May 27, 2021

Ransomware A Real World Incident

Late last year Brace168 was engaged to respond to a ransomware attack to conducted incident response services. The ransomware in question was a previously unknown

Read More »
May 27, 2021

Common Vulnerabilities & Exposures May 2021

Vulnerability 1: UPDATED Microsoft Exchange Server RCE (9.8 Critical) Description: Microsoft Exchange Server has a new remote code execution vulnerability (RCE). These RCE’s enable an

Read More »
May 27, 2021

Brace168 Products Managed Endpoint & Server Security

The one thing that makes an attacker lethal is ‘Time’. Attackers have an exorbitant amount of time when it comes to reconnaissance. This allows them

Read More »
May 27, 2021

Your O365 Security Checklist

Are you about to head off for your Christmas break? This O365 security checklist might just save your skin. Microsoft Office 365 is popular because

Read More »
December 17, 2020

Here are some of our musings about the Cyber Security industry.

The real question is the cost of not having a cyber security plan. We all hate paying our insurance policies. Trust me, it’s one of

Read More »
December 10, 2020

Popular Articles

News U.S Colonial Fuel Pipeline Ransomware Attack

Read More »

Your O365 Security Checklist

Read More »

Polkit Vulnerability CVE-2021-4034 (Local privilege escalation vulnerability)

Read More »

The Value of Security Performance Reporting

Read More »

Popular Categories

Categories
  • Application Security
  • Cloud Security
  • Cyber Security
  • Managed Services
  • News
  • O365 Security
  • Penetration Testing
  • Supply Chain
Linkedin
  • Insights
  • Contact Us
Menu
  • Insights
  • Contact Us

Our Office

Level 2, 157 Walker Street, North Sydney, NSW 2060

Call Us

(02) 9136 6066

Email Address

info@brace168.com