A New Year

Happy New Year! Another year has come to a close and what a year it was. What can we say about 2015? 2015 was the year of the breach, with some truly epic numbers of records stolen around the world. Two of the largest, Ashley Madison with 37 million accounts and the US Government's OPM with 22 million, were particularly damaging as they potentially exposed users to blackmail due to the amount and sensitivity of the information disclosed. Then, when Hacking Team was breached, vulnerabilities in Adobe Flash and Microsoft Windows were revealed, leaving millions of people vulnerable to compromise while the vendors hurried out patches.

What else happened last year? The Stagefright vulnerability made it possible to compromise an Android device just by sending a malicious MMS to it. Dell and Lenovo sold computers pre-loaded with self-signed root certificates, leaving users vulnerable to MITM attacks.

AusCERT had a busy 2015, publishing 3242 external security bulletins and 121 AusCERT security bulletins – a new record, but one that will almost certainly be eclipsed in 2016. There was a large number of alerts, encompassing a wide range of OS and application platforms. Adobe Flash Player and Microsoft Windows were the standouts, but amongst the usual browser vulnerabilities other notables included Oracle, Juniper, Cisco, ISC BIND and glibc. Also significant was the rise in bulletins for appliances, which ran the gamut of network, email and web security appliances through to SCADA and medical devices.

So, what does 2016 hold in store for us? Much as we might wish it so, Flash is unlikely to die in 2016. It will continue, albeit with a name change. We’re expecting to see more state-sponsored espionage in 2016 and this may finally be the year that mobile hacking becomes real, with rogue 3G/4G access points pretending to be a major carrier and intercepting your phone calls and data. Expect an explosion of vulnerabilities in Internet of Things (IoT) devices, too. Finally, there’s every reason to expect more data breaches, though hopefully none as large or high-profile as those in 2015. All in all, it’s bound to be a bumper year in information security!