
Cyber security takes its place alongside UK’s armed services

One, presumably unintended, consequence of the use of the term 'warfare' for these cyber attacks is that most organisations' insurance will be invalidated. We're seeing this argument being made in the case of Mondelez...: [...] Carter said the increasing digitisation of society was opening new ways to execute “political warfare” through the use and abuse of information, online espionage, state-backed cyber attacks and intellectual property theft, among other things, often ba

7 in 10 Cameras Are Running Outdated Firmware

The same could be said for most other non-computer devices that are connected to your network. Do you have a plan for updating cameras, doors etc.?...: [...] “Unfortunately, our research shows that the “set it and forget it” mentality remains prevalent putting an entire organization’s security and people’s privacy at risk. All it takes is one camera with obsolete firmware or a default password to create a foothold for an attacker to compromise the whole network,” added Cheval

Top gadgets for the security and privacy conscious (or the super paranoid!)

Given that just about all of my data is in a cloud service, securing my devices is probably less important than making sure my S3 buckets are properly secure (for example). However, some of this stuff just looks so cool...: [...] #12: Apricorn Aegis Padlock Fortress FIPS USB 3.0 hard drive. Not only do Apricorn external hard drives offer a high level of data security, they also look so dar

When Rogue Insiders Go to the Dark Web

This is why you need some way of identifying data leakage, like CybelAngel (yes, shameless plug), and to look after employees that have access to sensitive information. This is all complicated by outsourcing as the employee might not be under your direct control...: Researchers who operate undercover in the Dark Web are noticing an increase in activity among rogue employees selling access and stolen data from their organizations — mainly financial and telecommunications co

ACCC calls for Privacy Act changes to protect loyalty scheme customers

Australia is having a debate about the privacy implications of loyalty cards. I don't have payment information linked to any of my loyalty schemes (mostly airlines and the ubiquitous Tesco ClubCard) but if I did, this is the kind of behaviour I'd expect...: [...] Another major concern outlined in the report was around how loyalty schemes are automatically linking members' payment cards to their loyalty scheme profiles to track purchasing behaviours even if members do not act

Post NordVPN Data Exposure: Using Domain Threat Intelligence to Prevent MitM Attacks

I've used this TIP as a sanity check on our DNS and server configurations, though it's complicated by our use of Cloudflare for CDN and additional security. Might be useful to you too...: [...] When a service that promises to protect user data and identity gets hacked, the incident highlights the increasing boldness and sophistication of attackers. With the possibility of MitM attacks as a result of TLS certificate and private key exposure, what can help stop adversaries fro

The blame game: When hackers steal your data, is it a corporate failure – or the attackers’ fault?

This is taken from an advert for SANS. Making the point about the applicability of 'victim shaming'...: [...] I’ve heard arguments recently that the victims (corporate or otherwise) can never be blamed for the actions of an attacker. A data breach has been compared to a simple street mugging: “You can’t blame the victim for being robbed even if they are walking late at night, on the phone or wearing expensive exposed jewellery; it isn’t their fault”. This isn’t really a comp

Now even the FBI is warning about your smart TV’s security

Here's the FBI advice on smart TVs. I have a fairly basic model from Samsung with no camera nor (I think) microphone. I keep it up to date and have it connected to a dedicated media network so it's isolated from our computing resources. You've probably guessed that I have little trust in smart devices...: [...] Yes, I said your TV. Specifically your smart TV...the one that is sitting in your living room right now. Or, the one that you plan to buy on super sale on Black Frida

Over a Quarter of Law Firm Websites Unsecure

I did a quick check of the magic circle websites against best practice. They all default to https, which is good, with no option for 'plain' http, which is even better. How would your website(s) fare against a similar check?...: Law firms are failing in their efforts to tackle the rising risk of cyber crime. Even with £millions continuing to be fraudulently redirected, with the associated reputational impact and knock on effect on professional indemnity insurance premiu

SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos

I've moved away from SMS or other network-based authentication methods and now use mostly Google Authenticator. Looks like that's the way to go...: A standard used by phone carriers around the world can leave users open to all sorts of attacks, like text message and call interception, spoofed phone numbers, and leaking their coarse location, new research reveals. The Rich Communication Services (RCS) standard is essentially the replacement for SMS. The news shows how even