Feb 19, 2024 | Speaking
I recently had the honor of delivering a guest lecture at UNSW on security in design and development. It’s fulfilling to give back and contribute to the growth of future software engineers and managers. Together, let’s promote a security-conscious approach in shaping...
Feb 13, 2024 | Posts
Remember those annoying texts about a “package requiring a small fee” that never quite materialize? Phishing via SMS, also known as smishing, has evolved far beyond these clumsy attempts.Just a few minutes ago, I received a chilling message purporting to...
Jan 19, 2024 | Posts
A few months ago I shared that phishing scams are getting more sophisticated with scammers targeting hotel staff in order to phish their customers. Someone I know got targeted with such as scam this week. They had a hotel reservation booked through a booking website...
Jan 12, 2024 | Podcast
Australian suffered a number of significant data breaches in the last two years. In response, the Australian Government released their Cyber Security Strategy late last year and it provides a peak to some of the cyber legislations that are upcoming. I’m going to...
Jan 5, 2024 | Podcast
AI took centre stage in 2023 with tools like ChatGPT making headlines. What can we expected in 2024? Here’s my predictions on how it’ll revolutionise the way we code, secure and hire. Imagine a world where code practically writes itself. AI-powered...
Dec 28, 2023 | Podcast
Three malicious Chrome extensions, disguised as VPNs, infected approximately 1.5 million users, functioning as browser hijackers, cashback hack tools, and data stealers. Discovered by ReasonLabs, the extensions (netPlus, netSave, and netWin) were distributed through...
Dec 27, 2023 | Podcast
A critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, tracked as CVE-2023-50164, is reportedly being ignored by developers, leaving approximately 80% of recent Struts downloads exposed to the flaw. The severity of the vulnerability,...
Dec 26, 2023 | Podcast
A groundbreaking attack named “Terrapin” has been uncovered, posing a significant threat to the security of the (SSH) Secure SHell Protocol. SSH, developed nearly 30 years ago to counter password sniffing attacks, is widely used to secure connections in...
Dec 22, 2023 | Podcast
A recently discovered “SMTP smuggling” technique is allowing cyber attackers to sidestep email security protocols like Domain-based Message Authentication, Reporting, and Conformance (DMARC), posing a significant threat to organizations. The method...
Dec 21, 2023 | Podcast
In a case highlighting the importance of removing access upon termination, a disgruntled employee wreaked havoc with his employer’s systems when he was terminated. A former cloud engineer at a bank was terminated for violating company policies, including...
