The German Federal Office for Information Security (or BSI) has published a report (in German) which evaluates the most popular modern web browsers against the BSI’s own guidelines for ‘modern secure browsers’ and only Firefox emerges with flying colours. The audit examined Mozilla Firefox 68 (Extended Support Release), Google Chrome 76, Microsoft Internet Explorer 11,Read more
Blog
The rapid increase is resolution and quality of smartphone cameras in recent years is opening up new possibilities for criminals. The BBC reports that a Japanese pop star was attacked outside her home after her stalker was able to examine the reflections in her eyes in multiple social media images and identify the street where sheRead more
Anti-virus company Avast has revealed they were breached over several months, after identifying the suspicious activity on their network on 23rd September according to a blog post by their CISO. Avast think their CCleaner software was the target of a supply chain attack – with the hackers attempting to repeat the 2017 insertion of maliciousRead more
What is the cyber kill chain and how can it help shape your security policy? The idea of the cyber kill chain was first proposed by computer scientists at the defence contractor Lockheed Martin in 2011. Given the background of the business, it is not surprising that their approach to defining a cyber-attack was heavilyRead more
Two recent significant cyber-attacks demonstrate the huge cost of malware attacks against large businesses. Aluminium producer Norsk Hydro has estimated remediation costs of their ransomware attack at £60 million (650 million Norwegian Crowns). The attack back in March 2019 saw the company’s systems infected with the LockerGoga ransomware which brought production to a halt at 170Read more
Europol has just published their 2019 Internet Organised Crime Threat Assessment The key findings of the report make for interesting reading for Security Managers: While the number of ransomware attacks have reduced since 2018, the attackers have shifted their focus to more profitable targets – your businesses! Phishing and vulnerable Remote Desktop Protocol attacks areRead more
On 20th August 2019, we published a news article on our website that was intended to highlight a vulnerability which affected Messerschmitt “Mobile Key” door locks. At the time of writing, this article was written in good faith by us and was based on the previously-released research conducted by Chaos Computer Club that was presentedRead more
The trial of a Sys Admin who worked for the Fin7 cyber-crime syndicate provides a surprising look into the inner workings of the organisation. Fedir Hladyr was the Sys Admin running the support infrastructure for Fin7. He was responsible for JIRA, Jabber and HipChat servers used to co-ordinate the work of their teams of hackersRead more
In the eternal arms race between malware writers and anti-virus vendors, a new front of attack is opening. As security software has responded to the use of MS Office files as a means for malware delivery over email, the attackers have started to shift to the OpenDocument (ODT) file format first popularised by OpenOffice andRead more
Security researchers from two German universities have published details of flaws in document PDF encryption Digitally signed and encrypted PDF documents are widely used: to execute contracts, meet statutory reporting obligations and to protect commercially sensitive information transmitted as email attachment. Breaking PDF digital signatures PDF digital signatures use asymmetric cryptography; that is the signerRead more
