The 15 most targeted security vulnerabilities of 2021 have just been published in a joint advisory from the NCSC. These are the main ways hackers are attacking businesses around the world. Cybersecurity authorities across multiple nations co-authored this publication to provide insight into the exploited vulnerabilities and offer mitigation strategies to deal with the identifiedRead more
Blog
Last week over 200 malicious packages were discovered in the npm registry targeting Azure developers with PII stealing malware. Reported by security firm JFrog, the malicious packages were uploaded to npm in a sort of typosquatting attack which targeted packages within the @azure scope. The attack method is simple: the attacker creates a malicious packageRead more
This week the NCSC issued a warning of the evolving risks posed by Ransomware, with increasingly sophisticated techniques being used to extort money from businesses around the world. The National Cyber Security Centre (NCSC) along with the USA’s CISA and Australia’s ACSC have produced a joint cyber security advisory on the increased globalised threat ofRead more
A SIM swap attack happens when a criminal uses social engineering to gain control of a victim’s mobile phone number so that SMS and calls made to the victim are received by the criminal. This then enables the criminal to impersonate the victim and perpetuate further fraud and attacks. What is a SIM? Mobile phoneRead more
At the RSA Conference in 2004, Bill Gates predicted the death of the password. 17 years later Microsoft is finally bringing that prediction to pass with the roll out of passwordless logins for Microsoft 365 services. How does it work, and is it secure? Bill Gates said in 2004: “There is no doubt that overRead more
The 2021 Data Breach Investigations report provides insights from the analysis of over 29,000 real world cyber security incidents from 2020 helping Security Managers track the evolving behaviour and tactics of threat actors. The Verizon Data Breach Investigations report has become a regular fixture on the annual cyber security calendar over the last 14 years.Read more
The number of ransomware attacks in the first 6 months of 2021 exceeded the total number for all of the previous year and it shows no sign of slowing down. According to a new report from SonicWall – the number of Ransomware attacks in the second quarter of 2021 is up 150% compared to 2020.Read more
The world has changed, and the CIS Controls have evolved to reflect those changes. The increased use of cloud computing, remote working, virtualisation, and outsourcing have all redefined and blurred the edges of the corporate network. The latest version 8 of the CIS Controls provides a practical framework for organisations of all sizes to identifyRead more
Early use of digital technology has been shown to improve language skills in young children, as well as helping to promote their creativity and social development. However, it’s not without risks. Threats to children online include cyberbullying and harassment, invasions of privacy, exposure to inappropriate content and dangerous sexual online activities. You might be askingRead more
As security professionals our job is to safeguard the Confidentiality, Integrity and Availability of the information and assets placed in our care. A Security Incident is anything that happens which places one or more of those aspects at risk. This usually will be as the result of a malicious act such as an attempted networkRead more
