Blog - Cythera

computer virus

EvilClippy and the rise of Office based malware.

Last month a cross-platform assistant for creating malicious MS Office documents, named EvilClippy was released.

It allows an attacker to hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools.

Attackers can now hide malicious code from anti-virus and macro analysis tools by leveraging undocumented features in the way macros are stored within an office file.

Ben Cuthbert July 11, 2019

breach

Learnings From The Trenches : Cyber Security Tips For Australian Businesses

We help a lot of Australian businesses out with security incidents, as well as recovering from hacks and breaches. Many of them can be attributed back to human error or poor security hygiene. I thought I would share some of my top tips to help you avoid a costly hack, or brand damaging breach.

Ben Cuthbert July 1, 2019

mpls

How to securely remove MPLS from your network.

Businesses with multiple locations have been stringently handcuffed to costly, complex private networks such as MPLS for years. It’s been an unavoidable cost and it’s compounded if you operate in isolated areas throughout Australia.

Tim Sank June 25, 2019

it buying

The changing face of IT security buying

Buying IT security can be a complicated process.

Today, there are literally thousands of security vendors who all claim to have the latest and most secure security product on the planet to help defend your businesses from cyber-attack. But which ones do you pick?

Tim Sank June 18, 2019

compromise

Compromised business partners : How hackers catch you asleep at the wheel.

This week while on-boarding a new customer, before we could even start we needed to help them recover from a compromise they had received before coming to us.

A user had suffered a phishing attack and had their Office365 email credentials stolen. Email phishing is the act of sending emails purporting to be an entity (such as Google) or an individual (such as your CEO), often using a crafted email with graphics and text from legitimate emails included to fool users into entering login information or opening an attachment. The attacker can then use the stolen credentials to gain access to your organisation, or use malware the user clicks on to gain a control channel into your environment.

Ben Cuthbert June 6, 2019