Upgrade from annual pen tests to continuous penetration testing services in Australia. Discover 2026 red teaming trends, PTaaS, and expert security assessments.
Discover how threat actors exploit the critical CVE-2026-20127 Cisco SD-WAN vulnerability. Learn IoCs, remediation steps, and how penetration testing secures your network.
The Australian Cyber Security Centre has issued urgent warnings about actively exploited vulnerabilities in Microsoft SharePoint Server (CVE-2025-53770) that enable unauthenticated remote code execution. With Chinese state-aligned actors and ransomware groups already compromising Australian organisations, this threat represents an immediate and severe risk to business-critical data and infrastructure.
Across AWS, Google Cloud, and Microsoft Azure environments in Australia and globally, 59% of IAM users maintain access keys that have never expired—credentials that have been active for more than one year. These long-lived credentials represent a silent but catastrophic vulnerability in your cloud infrastructure. This blog explores why long-lived credentials have become the primary attack vector for identity-based breaches, how red teams exploit them during penetration tests, and what you must do today to eliminate this ticking time bomb.
Critical authentication bypass vulnerabilities in Fortinet FortiGate and related products (CVE-2025-59718 and CVE-2025-59719) are now under active attack, allowing "ghost" SSO logins that completely sidestep normal controls and logs. For Australian organisations, this is more than a VPN or firewall problem – it is a board-level exposure that directly tests whether your external penetration testing, internal penetration testing, and red team assessment services are capable of simulating SSO abuse, identity takeovers, and lateral movement across hybrid networks.
Cloud computing has a lot advantages for your company. Simply put, it provides you with a better way to run your business, although it does represent a huge change for your business. In any company, there are established practices and culture. When you implement something like cloud technology, it means that you will have to make many adjustments, significant ones at that.
Some people still hesitate to use cloud-based software but it is the need of the 21st century. It has already revolutionised the way business is done. While security threat is present in any kind of software, the cloud is not devoid of it. For users, here are some tips to ensure security while using cloud computing and making your experience a smooth one.
Cloud computing has changed the way business is done and this is facilitated by different apps which are based on the concept of cloud computing. These apps and services allow better integration, file sharing, and accessibility, which are crucial to business success in this age. Which are the tops apps, which have conquered the cloud arena and facilitated business processes the most? Read to find out.
Amazon’s AWS (Amazon Web Services) is a popular cloud computing application which is used by people worldwide. It can help business owners reduce their IT costs. You no longer have to purchase expensive machinery and hire extra IT staff. You can use this cloud application to pay as you go to cut monthly costs for IT services.
Like every other popular service or software on the internet, WordPress is prone to hacker attacks. There are some vulnerabilities in WordPress itself. Other security risks are created because of user neglect and carelessness. Users create websites and blog pages using WordPress and all their information is at risk when proper care is not taken to keep the pages secure.
Following are some common security risks that users face when using WordPress, by avoiding these you can keep your websites safe:
Secure Sockets Layer or SSL pertains to the standard security technology utilized mainly for establishing an encrypted link between a browser and a server. This link makes sure that all essential data are transferred between browsers and web servers in an integral and private manner. SSL is a widely known digital networking protocol managing client authentication, server authentication and the encrypted communication between clients and servers.
The Transport Layer Security or TLS, on the other hand, pertains to the protocol that completely ensures privacy between exclusive communication applications and their respective users online. When a client and a server interact or communicate, this technology makes sure that there is no third-party tampering or eavesdropping with the messages. The Transport Layer Security is said to be the successor of Secure Sockets Layer of SSL.
Freak-Analyzed and Defined
Freak attacks take advantage of RSA Export major clippers that are designed to be weaker on purpose so that they will fit in the borders of US Encryption controls of export of previous years. The deconstruction of attack is composed of three steps which are outlined below:
This is as simple as going to a public Wi-Fi area and setting up the proxy. Modify the traffic of clients to request the main Export RSA key.
There are reliable services specifically for this pursuit. One of these is using the online services of Amazon which only takes about 7 to 12 hours for one hundred dollars. Modify or monitor the traffic that is going between the unconfirmed server and vulnerable client in plain text.
You might have caught caution in the third step which is unconfirmed server and vulnerable client. The server must be willing to negotiate the weaker export key or must host the susceptible third-party software like the Facebook JavaScript SDK, sites that include Facebook’s login button and like button or Apache’s Open SSL and mod_SSL versions. Some susceptible devices and clients can include the Safari on any Apple device.
What You Need to Do to Ensure Ultimate Personal Protection
Freak attacks are getting widespread more than you previously thought. Browsers using OpenSSL are susceptible and this includes Android browsers and perhaps Samsung-derived browsers called “Internet.” Similarly, Apple’s exclusive implementation of TLS, known as Secure Transport, puts OS X and also Safari at risk.
The best thing that needs to be done now is to ensure your protection against this vulnerability. However, you need to make sure that you have clear ideas on how to configure this for your usual privacy. If you truly want to protect yourself, this can be done in simple steps.
If you are running a web server, you need to disable support for all the export suites, but you also need to check and ensure that you are not utilizing any known unsecure ciphers. Enabling support also needs to be done to forward exclusivity or secrecy.
Magento platform is a popular eCommerce framework used by the organisation all over the world to create the Online shops.
The researchers from Check Point discovered the critical security issues, which could potently allow the remote compromise of a Magento based web site and gaining unauthorized access to the customer and credit card information. See the full post here: http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/ . The vulnerability is currently affecting thousands of online stores.
Technical Details
Three vulnerabilities were discovered by the Check Point team:
CVE-2015-1398 - An authentication bypass vulnerability was reported in Magento component. The vulnerability is due to a user controlled parameter affecting the login mechanism. A remote attacker can exploit this issue by sending a specially crafted HTTP request to a vulnerable system. Successful exploitation may allow the attacker to gain access to a target system.
CVE-2015-1397 - An SQL injection vulnerability has been reported in Magento component. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
CVE-2015-1399 - A remote file inclusion vulnerability has been reported in Magento component. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
What should you do
Check your Magento implementation using our Trial Web Site Assessment Service and see if you are vulnerable. If yes, apply the designated patch SUPEE-5344 released by Magento as soon as possible.
