About the Review

Welcome to the Cyber Security Review website.

The growth of the internet has impacted profoundly on everyday life and the global economy. It has evolved into a global, interconnected network of systems and information – cyberspace – that we know today, transforming the conduct of business and opening new markets.

Threats to cyber security are persistent and constantly evolving. With an ever-growing number of cyber attacks on critical infrastructure, online commerce and the private sector worldwide, security experts are finding that their work has become a race against the attackers.

The Cyber Security Review is designed to draw on the combined knowledge, skills and expertise of the cyber security community to identify the emerging threats and facilitate the development of coherent policies and robust capabilities.

Our mission is to promote dialogue and provide a platform for information exchange and cooperation between stakeholders, industry, academia and security experts worldwide.

Latest news 

  • US-CERT study predicts machine learning, transport systems to become security risks

    October 19, 2017

    The Carnegie-Mellon University’s Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis. That advice comes in the institute’s third Emerging Technology Domains Risk Survey, a project it has handled for the US Department of Homeland Security’s US-CERT since 2015. The surveys are cumulative, meaning any ...

  • Mysterious cyber espionage campaign uses ‘torpedo’ lure to trick you into downloading malware

    October 18, 2017

    An espionage group is launching cyber attacks against organisations in the maritime and defence sectors in what’s highly likely to be an effort to steal confidential information and research data. Dubbed Leviathan, the group has been active since at least 2014 and takes particular interest in maritime industries, naval defence contractors and associated university research institutions ...

  • Data breach hits 30m South Africans

    October 18, 2017

    The personal information of about 30 million South Africans has been compromised. This was revealed by Australian-based IT security researcher Troy Hunt. He created the Have I been pwned? platform as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. Following the ...

  • Dangerous Malware Allows Anyone to Empty ATMs—And It’s On Sale!

    October 17, 2017

    Hacking ATM is now easier than ever before. Usually, hackers exploit hardware and software vulnerabilities to hack ATMs and force them to spit out cash, but now anyone can simply buy a malware to steal millions in cash from ATMs. Hackers are selling ready-made ATM malware on an underground hacking forum that anybody can simply buy for ...

  • Oracle Patches 250 Bugs in Quarterly Critical Patch Update

    October 17, 2017

    Oracle patched 250 vulnerabilities across hundreds of different products as part of its quarterly Critical Patch Update released today. Rounding out the list of products with the most patches is Oracle Fusion Middleware with 38, Oracle Hospitality Applications with 37 and Oracle MySQL with 25. Of the critical patches, security researchers at Onapsis said that they identified three high-risk ...

  • Newly Discovered Iranian APT Group Brings State-sponsored Cyber Espionage into Focus

    October 17, 2017

    State-sponsored cyber espionage has been rising steadily in recent years. Whether it’s high-profile attacks such as North Korea’s hack of Sony in 2014, China’s alleged hack of the US’s Office of Personnel Management in 2015, or Russia’s alleged hack of the Democratic National Committee in 2016, the stories are mounting. Iran has also been in the cyber espionage news, with major ...

  • Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware

    October 16, 2017

    FinSpy—the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents. Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis. The critical ...

  • Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible

    October 16, 2017

    A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for an attacker to calculate a private key just by having a target’s public key. Security experts say ...

  • How A Drive-by Download Attack Locked Down Entire City for 4 Days

    October 16, 2017

    We don’t really know the pain and cost of a downtime event unless we are directly touched. Be it a flood, electrical failure, ransomware attack or other broad geographic events; we don’t know what it is really like to have to restore IT infrastructure unless we have had to do it ourselves. We look at other people’s ...

  • WPA2 Going the Way of WEP After Wi-Fi Researchers Find Critical Flaw

    October 16, 2017

    The WPA2 (Wi-Fi Protected Access II) protocol that’s used by most Wi-Fi networks today has been compromised, and a way to intercept traffic between computers, phones, and access points has been found. Today’s Internet and network connections rely on specific tools that are taken for granted, most of the time. From time to time, a way ...

  • Linux vulnerable to privilege escalation

    October 15, 2017

    An advisory from Cisco issued last Friday, October 13th, gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA). The bug is designated CVE-2017-15265, but its Mitre entry was still marked “reserved” at the time of writing. Cisco, however, had this to say about it before release: “The vulnerability is due to a use-after-free ...

  • New EU cyber strategy leaves key security gaps

    October 15, 2017

    Last month, the European Commission released a report on “Resilience, Deterrence and Defence: Building strong cybersecurity for the EU”. GRI examines the strengths and weaknesses of this proposed strategy. The strategy is based on three principles: building greater resistance against cyber vulnerabilities, deterring cyber attacks against member states and increasing cooperation at the European and international level. In ...

  • Cyberespionage Group Steps Up Campaigns Against Japanese Firms

    October 14, 2017

    Researchers are learning more about the cyberespionage group Bronze Butler. While the gang has been targeting Japanese heavy industry since 2012, not much is known about the group’s current modus operandi. In a report released Thursday by the Counter Threat Unit at SecureWorks, a subsidiary of Dell Technologies, researchers paint the most complete picture yet of ...