Posts by John
Cyber Security Loop – Edition #10
Each month, I share a quick pulse on what’s happening in the world of cybersecurity – framed for law firm leaders and risk stakeholders across Australia. Think of it as your boardroom-ready headline brief: short, sharp, and trusted. Here’s what’s hot this week — and what you should be thinking about. 🧨 HOT THIS WEEK:…
Welcome to the “CyberSecurity Loop” News Bytes – Edition #9
Last week I ran a live “cybersecurity breach simulation” at the Legal Counsel Forum in Sydney. The format of the 1-hour session allowed delegates to play along as I walked them through a scenario of a data breach. Then, using my “colour code framework”, we explored the essential elements that make up a well…
What you should be doing when you receive an unsolicited One Time Passcode
If you receive an unsolicited One Time Passcode (OTP) for a service that you use, either as an SMS or email, you should be concerned and act immediately! Why should I be concerned? This basically means that your credentials have been stolen and someone is trying to gain access to your account. The only reason…
Top targeted vulnerabilities of 2023: STOP this madness
In 2023, the top 10 targeted vulnerabilities used by threat actors to actively exploit victims were more than 10 years old! In order of CVE ranking we have: CVE-2017-0199 – Microsoft Office and WordPad; CVE-2017-11882 – Microsoft Exchange Server; CVE-2020-1472 – Microsoft NetLogon; CVE-2012-1461 – GZIP file parser utility. I would really like to know…
Beware of new Ransomware Tactic
2 days ago, ALPHV/BlackCat, in a bid to apply further pressure to get their latest victim MeridianLink to pay, filed a complaint against them with the U.S. Securities and Exchange Commission (SEC) for failing to report a breach! This is an interesting tactic and will apply even more pressure on organisations, CISOs and Boards to…