
It is particularly worrying that some laptops being prepared to hand out to students contain a virus, as one would have thought a proper scan would have highlighted this concern at an earlier stage. However, it is not uncommon to have remnants of computer viruses on second hand machines – which therefore further emphasizes the importance of a thorough scan for malicious software before the initial use.
Any good anti malware product would have detected this worm, highlighting how vital it is
.....Read More
Google’s Project Zero research team do a magnanimous job in keeping possible threats from hitting our phones. Vulnerabilities that can occur without even requesting that the victim touch their device have the capability of causing havoc around the world, so it is vital that teams such as this continue to test and patch any zero-day threats they uncover. These threats are usually patched very quickly. Plus, Signal is open source which makes it easier to patch and keeps costs down.
In recent
.....Read More
Password security remains a huge challenge for organisations around the world and a massive threat to individuals too. One of the biggest challenges facing new users with a password manager is the thought of it taking them too long or being difficult to set up. One trap people still fall into is using the same or a variation of the same password across their online accounts which brings all sorts of problem. Passwords are in desperate need of an overhaul therefore this new move by Google may be
.....Read More
Phishing emails can often be quite easy to spot, but when CVs are attached to emails and sent to HR departments seemingly innocently, the chance of an exploit is heightened. Locating malware in macros in Word documents is nothing new, but this malware is particularly damaging as it can be deployed by just enabling the editing function.
Recruiters may want to request CVs are attached as PDFs as they are not required to be edited. Furthermore, it would be a good idea for administrators to block
.....Read More
Although such data stolen may sound trivial, a cryptographic hash of a password could still be reverse engineered back to its original state. Therefore, if a password has been used before, by you or anyone else for that matter, it could be reversed back into the password it was before it was encrypted. This, alongside a name and email, could be all it takes for threat actors to get into other accounts if people reuse their passwords across their online accounts. The ICO may state that if ‘a
.....Read More
Nowadays, threat actors specialising in ransomware tend not to stop at the first set of ransom demands. It can be far more lucrative if these criminals also release some of the stolen data on the dark web – and far more damaging to the organisation targeted.
Claiming responsibility can also add weight to further attacks when potential victims research the possible outcome if they are, unfortunately, attacked. Although it is nearly impossible to locate suspects in cyber offences, such a
.....Read More
Unfortunately, threat actors continue to hide behind and exploit well-known brand names because it is so highly effective. However, companies that are highly targeted, such as Microsoft and DHL, can offer some reassurance to their customers by adhering to a few basic rules.
While reminding their customers that phishing emails are often inevitable, these organisations must attempt to reduce the number of links in their own, legitimate messages, as this will mean that phishing emails look less
.....Read More
With the growth of anonymized networks, it is inevitable that we will continue to see demand for the dark web and other unidentifiable platforms for the sale of illicit drugs and other contraband. However, the golden age of dark web markets is slowly coming to an end as law enforcement tactics improve and agencies around the world work together.
Even if the anonymity cloak on the dark web isn’t yet fully off, the criminal fraternity is are often one step ahead – and we are starting to see
.....Read More
This is yet another reminder that cybercriminals target current and newsworthy platforms for bigger exposure.
This attack does not seem so far to be too sophisticated, although it does highlight how threat actors will attempt whatever they can to achieve a relevant goal. This now stolen data could be manipulated in extreme circumstances, but this would be unlikely.
However, what makes this slightly more perturbing is the way the breach was able to carve out deleted posts on top of live posts
.....Read More
With VPN usage more important than ever due to mass remote working, it is vital these vulnerabilities are patched at the earliest opportunity, so it is disappointing to learn that this was not updated within the 90 day disclosure time. However, this also highlights the time and expertise being spent on targeting all aspects of information security. With millions now at home, VPN usage has increased dramatically, which has put a dent in threat actors’ attack vectors. The sophistication of
.....Read More