You are here
Home > News > Information Security

Tycoon Ransomware Banks on Unusual Image File Tactic

I trust that you're monitoring anything that attempts to disable anti-malware processes? (yes, I have a solution for that)...: [...] Also, the attackers disabled the organization’s anti-malware solution with the use of the ProcessHacker utility and changed the passwords for Active Directory servers. This leaves the victim unable to access their systems. “This ransomware attack is the second one in the past month using the Java Runtime Engine (JRE) to execute the attack,”

Zoom Restricts End-to-End Encryption to Paid Users

I pay for my businesses Zoom accounts. Looks like Zoom are attempting a clear differentiation between paid and 'free'...: The end-to-end encryption feature will not be offered to free users, Zoom’s CEO said, in case Zoom needed to comply with federal and local law enforcement. Security experts are up in arms after learning that video conferencing app Zoom will only offer end-to-end encryption to paid users. On Zoom’s Wednesday first-quarter financia...

MoD creates regiment for cyber security

Long overdue. Ever since NATO declared cyber as a domain, it's been a priority for members to build offensive and defensive capabilities...: The 13th Signal Regiment will provide the basis of the new Army Cyber Information Security Operations Centre, focusing on the protection of defence’s cyber domain, and work with the Royal Navy and Royal Air Force to provide secure networks for all military communications. It will consist of several cyber protection teams and technica

MetaCompliance Releases Playbook for Changing Cybersecurity Culture

I like the "... for Dummies" style. This might get some attention. Worth a download...: Global Cybersecurity specialist MetaCompliance announced the publication of a new book, titled Cyber Security Awareness For Dummies. The book aims to act as a resource for implementing behavioral change and creating a culture of cyber awareness in organizations. Written by MetaCompliance CEO, Robert O'Brien and published in partnership with Wiley,Cyber Security Awareness For Dummies

Catches of the month: Phishing scams for June 2020

Good examples from the IT Governance blog...: One of the more damaging side-effects of the coronavirus pandemic has been the increase in targeted phishing scams. Action Fraud estimates that Britons were conned out of £3.5 million in the first two months of lockdown, with cyber criminals cashing in on the uncertainty that the pandemic has caused. As of 15 May, the UK’s cyber crime agency had uncovered 7,796 phishing emails linked to COVID-19. Although lockdown restri

5 cybersecurity risks created by Covid-19

There are a lot of lists that came out since WFH became the norm. Here's one of the better ones. You're probably doing all this already but it's good practise to check on a regular basis...: [...] Collectively, the cybersecurity threats to UK companies are real, but they are not powerless to stop them. In fact, while the cybersecurity landscape is incredibly expansive, companies can significantly reduce their risk exposure by following a few simple steps. 1....

Enemy Unseen – Part II: Why Dark Web Monitoring Is Essential

This article is a plug for BitDefender's Threat Intel service but it makes a good general point about monitoring the Dark Web for information that could be dangerous for your organisation. My business uses CybelAngel to scan not only the Dark Web but any internet connected source (NAS', S3 buckets...) and Shodan for devices that 'pop-up'...: [...] The problem with keeping an eye on the dark web is that you need specialized software to do so, as well as serious insider knowle

Law Firms ‘Performing Admirably’ In The Face Of Constant Cyber Attacks

Law firms hold privileged information on and behalf of their clients. As we've seen recently they are under constant attack...: Despite law firms being described as ‘performing admirably’ in the current conditions and daily attacks, many are still being compromised.  Last month saw entertainment lawyers Grubman Shire Miselas and Sacks, that saw a sample of 756gb worth of data extracted from the firm and included personal date of various celebrities, including Bruce Springste

Aston Martin CIO – WannaCry pushed us into a cyber security refresh

"An absence of evidence is not evidence of absence" is a longstanding term in medicine. The same applies to infosec. First, check that your controls are appropriate for the threats you're facing, then test the effectiveness of your controls...: [...] Anti-malware was an area that the company hadn't invested much time or energy on, so O'Connor and his team investigated what the business had in place up until that point; a legacy anti-malware solution that he preferred not to

‘Remote workers don’t care about data security’ indicates report

It's a small sample size but in line with what I'd expect. Unless data security has a personal ownership component it will continue to be seen as "someone else's problem". Chanting "Security is everyone's responsibility" doesn't work. I wonder how many of the 34% would play fast and loose with their online banking details...: According to a report commissioned by Apricorn of 100 UK-based IT decision makers from enterprise organisations, more than half (57%) still believe tha