As professionals in the technical discipline of Information Technology, it can be easy to forget that the risks that we need to guard against are more than purely technical. While it is true that patches need to be applied, security baselines followed, and firewalls configured – the job does not end there. For many organisations,Read more
Blog
McAfee reports that a trio of malware kits are being actively used to target Office365 users. The phishing emails contain a clip of audio pretending to be from a voicemail intended for the recipient. A short clip of the audio can be played within the email which contains an urgent sounding ‘um hello?…’ The user isRead more
The number of cyber attacks in the UK is continuing to rise and small businesses are continuing to bore the brunt of these attacks. In fact, it is estimated that small businesses in the UK are targeted by 65,000 cyber attacks per day. Thankfully, the majority of these attacks are unsuccessful. However, a worrying numberRead more
The UK National Cyber Security Centre published an advisory this week regarding the ongoing and increasing risk of DNS hijacking. DNS is the system that converts domain names to IP addresses allowing the world wide web to function. Its architecture is designed to be distributed in order to be resilient and stable. This distributed andRead more
Formjacking is a type of cyber attack that can be used by an attacker to steal sensitive information that is entered by website users through forms. Most usually this type of attack targets ecommerce sites to obtain payment card details and personal information that are entered by customers; however, Formjacking attacks can target any website whichRead more
In a recently published report on the state of the Internet security, Akami Research notes that they detected an average of 115 million credential stuffing attacks against their clients each day in 2018. Credential Stuffing is, according to OWASP: “the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts.Read more
Peebles Media Group is suing a former employee who fell victim to a CEO Fraud email which cost her employer almost £200,000. CEO Fraud is a common type of cyber-crime which targets businesses. Because the CEO or Managing Director of a firm is easy to identify – often being listed on the company website orRead more
A wave of DNS hijack attacks has been sweeping across Europe, the Middle-East and America according to recently published reports from FireEye and Cisco. While the attacks are creative and sophisticated, the root attack vector is often a simple credential compromise to the DNS control panel of an organisation’s domain name registrar. The scale ofRead more
51% Attack succeeds and over $1million Ethereum Classic is double spent The cornerstone design assumption in blockchain systems such as Bitcoin and Ethereum is that there is a large community pool of honest participants who mutually concur and authenticate blockchain events. Page 3 of Satoshi Nakamoto’s original whitepaper titled: “Bitcoin: A Peer-to-Peer Electronic Cash System”Read more
A massive security breach in Norway’s Health South-East Regional Health Authority may have exposed the personal health records of 2.9 million people. Covering ten counties, Health South-East RHA is responsible for the health care of 57% of Norway’s population. In 2013, Norway cemented their reputation for excellence in healthcare when they were placed first onRead more
