
Hackers can work out your online passwords just from the sound of your keystrokes, study finds

Public spaces are definitely not the best places to use passwords or deal with sensitive information. To add to the risks of shoulder surfing, CCTV and dodgy wifi, we now have keyboard eavesdropping. Your Acceptable Use Policy should include a section on "Where you can access company information from"...: [...] Cybersecurity experts from Southern Methodist University in Texas found that sound waves produced when we type on a computer keyboard can successfully be picked up by

Eurofins Scientific: Cyber-attack leads to backlog of 20000 forensic samples

The real world impact of cyber attacks...: [...] The NPCC said it decided three weeks ago that it was safe for police forces to use the firm again. Since then, it has managed to reduce the backlog to 15,000. The "overwhelming majority" of cases - which include specimens from suspects and evidence from crime scenes - will be cleared within two months, the police body added. [...]

IT Governance’s 2019 Cyber Resilience Report reveals major data protection weaknesses

Before shaking your head about the state of others' cyber security, it's worth taking the linked self-assessment to see how your organisation compares...: Anti-malware technology is one of the most basic cyber security mechanisms that organisations should have in place, but according to IT Governance’s 2019 Cyber Resilience Report, 27% of respondents haven’t implemented such measures. This finding is even more surprising given that our customer base is naturally more know

Stronger Defenses Force Cybercriminals to Rethink Strategy

Do you have traps in place for criminals using tools like Mimikatz? Have a think about how a criminal gang would gain access to your network and then how they would gather credentials. Then think about how you would identify this activity...: [...] Financially motivated campaigns aren't going away. The report describes an uptick in "big game hunting," in which cybercriminals launch targeted attacks for financial gain using a broad range of tailored malware or commodity crime

Patch your internet-connected printer! Serious vulnerabilities discovered

I'll bet most printers never get an update throughout their entire lifetime, and many are left with default login credentials. Time to change that...: [...] Printers, just like any other IoT-enabled device, need to be secured, and updated with the latest firmware and patches to prevent a successful hacker attack. That’s the message which comes through loud and clear following the announcement by security researchers at NCC Group that they had uncovered multiple security h

British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

BA have not had a good time recently with IT. Here's one more problem to deal with...: [...] Researchers on Tuesday said that check-in links being sent by British Airways to their passengers via email are unencrypted – opening them up to an attack that could expose victims’ booking reference numbers, phone numbers, email addresses and more. Researchers told Threatpost they estimate that 2.5 million connections were made to the affected British Airways domains over the past

Researchers Show How SQLite Can Be Modified to Attack Apps

Several points from this research: 1. Keep everything up to date; 2. The 'layer-cake' of open source components used in just about every application means that even if you trust the developer, you can't trust the app; 3. If you're a developer, make sure you implement trust boundaries in a way that 'trusted input' really can be trusted. Time to build a threat model for your app stack?...: [...] At DEF CON last week, Check Point researchers demonstrated two real-life scenarios

DEF CON 2019: Picture Perfect Hack of a Canon EOS 80D DSLR

How many people take notice of security notices for their camera? I can see the risk to professional photographers, but it's currently more of an inconvenience to the amateur (until the attacker uploads a picture file to your camera that then infects your computer)...: [...] On Tuesday, Canon issued a security bulletin regarding six vulnerabilities tied to Check Point’s research. “Due to these vulnerabilities, the potential exists for third-party attack on the camera if the

Avaya VoIP phones at risk of Cyber-attacks, study suggests

VoIP brings a series of risks and requires good network design, segmentation of the control plane, and a comprehensive patch regime. If you're running Avaya, time to patch...: Espionage risks and cyberattack are normally limited to handheld phones or cellphones and to applications that are capable of connecting to the internet, but now a greater risk is upon the corporate world as office phones are also at risk to cyber-attacks. A security researcher on McAfee’s

Vulnerability Exposed Microsoft Azure Users to Cyberattack

TL;DR - turn on automatic updates...: New data from Check Point Research says dozens of vulnerabilities found in a commonly used protocol left millions of Microsoft cloud users open to attack. In a presentation this week at the Black Hat security conference in Las Vegas, the firm noted that flaws in the Remote Desktop Protocol (RDP)—routinely used to access remote Windows machines—could be exploited to execute arbitrary code on a target’s system, allowing them to view, ch