About the Review

Welcome to the Cyber Security Review website.

The growth of the internet has impacted profoundly on everyday life and the global economy. It has evolved into a global, interconnected network of systems and information – cyberspace – that we know today, transforming the conduct of business and opening new markets.

Threats to cyber security are persistent and constantly evolving. With an ever-growing number of cyber attacks on critical infrastructure, online commerce and the private sector worldwide, security experts are finding that their work has become a race against the attackers.

The Cyber Security Review is designed to draw on the combined knowledge, skills and expertise of the cyber security community to identify the emerging threats and facilitate the development of coherent policies and robust capabilities.

Our mission is to promote dialogue and provide a platform for information exchange and cooperation between stakeholders, industry, academia and security experts worldwide.

Latest news 

  • Hackers race to use Flash exploit before vulnerable systems are patched

    October 20, 2017

    Hackers are rushing to exploit a zero-day Flash vulnerability to plant surveillance software before organisations have time to update their systems to patch the weakness. Uncovered by researchers at Kaspersky Lab on Monday, the CVE-2017-11292 Adobe Flash vulnerability allows attackers to deploy a vulnerability which can lead to code execution on Windows, Mac, Linux, and Chrome OS systems. The exploit enables ...

  • Google offers hackers $1,000 bounty to hack and fix Play Store apps

    October 20, 2017

    Google is offering security researchers a $1,000 (£760) bounty if they can successfully hack apps on its Play Store and help fix them. Bug bounty programmes are a popular way for companies to reward hackers who find vulnerabilities in their software and disclose them to developers so they can be fixed rather than exploited. The focus on ...

  • Hackers Take Aim at SSH Keys in New Attacks

    October 19, 2017

    SSH private keys are being targeted by hackers who have stepped up their scanning of thousands of servers hosting WordPress websites in search of private keys. Since Monday, security researchers said they have observed a single entity scanning as many as 25,000 systems a day seeking vulnerable SSH keys to be used to compromise websites. “What ...

  • US-CERT study predicts machine learning, transport systems to become security risks

    October 19, 2017

    The Carnegie-Mellon University’s Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis. That advice comes in the institute’s third Emerging Technology Domains Risk Survey, a project it has handled for the US Department of Homeland Security’s US-CERT since 2015. The surveys are cumulative, meaning any ...

  • Mysterious cyber espionage campaign uses ‘torpedo’ lure to trick you into downloading malware

    October 18, 2017

    An espionage group is launching cyber attacks against organisations in the maritime and defence sectors in what’s highly likely to be an effort to steal confidential information and research data. Dubbed Leviathan, the group has been active since at least 2014 and takes particular interest in maritime industries, naval defence contractors and associated university research institutions ...

  • Data breach hits 30m South Africans

    October 18, 2017

    The personal information of about 30 million South Africans has been compromised. This was revealed by Australian-based IT security researcher Troy Hunt. He created the Have I been pwned? platform as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. Following the ...

  • Dangerous Malware Allows Anyone to Empty ATMs—And It’s On Sale!

    October 17, 2017

    Hacking ATM is now easier than ever before. Usually, hackers exploit hardware and software vulnerabilities to hack ATMs and force them to spit out cash, but now anyone can simply buy a malware to steal millions in cash from ATMs. Hackers are selling ready-made ATM malware on an underground hacking forum that anybody can simply buy for ...

  • Oracle Patches 250 Bugs in Quarterly Critical Patch Update

    October 17, 2017

    Oracle patched 250 vulnerabilities across hundreds of different products as part of its quarterly Critical Patch Update released today. Rounding out the list of products with the most patches is Oracle Fusion Middleware with 38, Oracle Hospitality Applications with 37 and Oracle MySQL with 25. Of the critical patches, security researchers at Onapsis said that they identified three high-risk ...

  • Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware

    October 16, 2017

    FinSpy—the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents. Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis. The critical ...

  • Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible

    October 16, 2017

    A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for an attacker to calculate a private key just by having a target’s public key. Security experts say ...

  • How A Drive-by Download Attack Locked Down Entire City for 4 Days

    October 16, 2017

    We don’t really know the pain and cost of a downtime event unless we are directly touched. Be it a flood, electrical failure, ransomware attack or other broad geographic events; we don’t know what it is really like to have to restore IT infrastructure unless we have had to do it ourselves. We look at other people’s ...

  • WPA2 Going the Way of WEP After Wi-Fi Researchers Find Critical Flaw

    October 16, 2017

    The WPA2 (Wi-Fi Protected Access II) protocol that’s used by most Wi-Fi networks today has been compromised, and a way to intercept traffic between computers, phones, and access points has been found. Today’s Internet and network connections rely on specific tools that are taken for granted, most of the time. From time to time, a way ...

  • Linux vulnerable to privilege escalation

    October 15, 2017

    An advisory from Cisco issued last Friday, October 13th, gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA). The bug is designated CVE-2017-15265, but its Mitre entry was still marked “reserved” at the time of writing. Cisco, however, had this to say about it before release: “The vulnerability is due to a use-after-free ...