Blog

The NSA (National Security Agency) recently published a security advisory about the publicly known vulnerabilities currently being exploited by Chinese state-sponsored actors. While this security advisory is focused on the activities of state-sponsored actors, it does show the threats and vulnerabilities considered most useful for exploitation. Taking a quick look at the list could provideRead more

A new report from Accenture details the rise of the Network Access Seller: expert hackers who secure a beachhead into corporate networks and then sell the access in well organised markets on the dark web. If you are a ransomware operator looking for a juicy corporate target, the Network Access Seller markets on the darkwebRead more

NatWest Bank has partnered with Malwarebytes to provide endpoint protection software to NatWest customers.  Malwarebytes Premium edition will be available to download for free from within NatWest customer’s online banking portal.  NatWest is the only UK bank to provide premium virus protection to their customers according to Alasdair MacFarlane, Head of Fraud Prevention at NatWest.Read more

In a statement posted on Twitter, Foreign Exchange specialist Travelex confirms that its systems had been subject to a cyberattack on New Years Eve and that many systems and services had been taken offline as a precaution.  Four days into the incident, the main Travelex UK home page was still displaying an ASP.NET default errorRead more

The North Korean Lazarus hacker group is targeting crypto-exchanges with innovative fileless Mac malware. Security researcher Patrick Wardle describes this new fileless Mac malware strain in a recent blog post. The malware infects the machine in a fairly standard two stage approach.  The victim is first tricked into downloading an application for a new cyptocurrencyRead more

As professionals in the technical discipline of Information Technology, it can be easy to forget that the risks that we need to guard against are more than purely technical.  While it is true that patches need to be applied, security baselines followed, and firewalls configured – the job does not end there.  For many organisations,Read more

McAfee  reports that a trio of malware kits are being actively used to target Office365 users. The phishing emails contain a clip of audio pretending to be from a voicemail intended for the recipient.  A short clip of the audio can be played within the email which contains an urgent sounding ‘um hello?…’ The user isRead more

The number of cyber attacks in the UK is continuing to rise and small businesses are continuing to bore the brunt of these attacks. In fact, it is estimated that small businesses in the UK are targeted by 65,000 cyber attacks per day. Thankfully, the majority of these attacks are unsuccessful. However, a worrying numberRead more

The UK National Cyber Security Centre published an advisory this week regarding the ongoing and increasing risk of DNS hijacking. DNS is the system that converts domain names to IP addresses allowing the world wide web to function. Its architecture is designed to be distributed in order to be resilient and stable. This distributed andRead more

Formjacking is a type of cyber attack that can be used by an attacker to steal sensitive information that is entered by website users through forms.  Most usually this type of attack targets ecommerce sites to obtain payment card details and personal information that are entered by customers; however, Formjacking attacks can target any website whichRead more