The pandemic has caused a re-evaluation of who is a 'key worker' so I shouldn't be surprised by quite a wide definition of 'critical'. Is a Zoom call 'critical'?...: [...] The Australian’s Government Security of Critical Infrastructure Act 2018 defines as critical infrastructure those entities or facilities “which if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic wellbeing of the nation, or affect Aust
One for your deception campaign...: Security vulnerability CVE-2020-1472, which was discovered and patched earlier this year, is still running rampant. Dubbed Zerologon, it is unique in its simplicity. It works by exploiting a Netlogon weakness. Netlogon is the always-on Windows service that enables end users to log into a network. The scripted hack runs incredibly quickly, searching for unpatched Active Directory systems and exploiting a weakness by adding the number zero i...
No. The headline is misleading. Internet warfare would see utilities stop working, or worse, transport systems grinding to a halt or perhaps falling out of the sky, financial systems crashing...you get the picture. However, this does give a glimpse of the capabilities that nations have built...: [...] The US indictment of six Sandworm operatives, all GRU military intelligence officers, gives a detailed account of how they went about their business. In preparation for the ...
I saw the headline and groaned "not again". This seems to be a regular feature of Magento. I'm glad I've moved my clients off of the platform (breathes sigh of relief)...: Two critical flaws in Magento – Adobe’s e-commerce platform that is commonly targeted by attackers like the Magecart threat group – could enable arbitrary code execution on affected systems. Retail is set to boom in the coming months – between this week’s Amazon Prime Day and November’s Black Friday – w
"Internet Explorer?" I hear you say. Yes, it's still in widespread use especially in enterprise environments where it's used to access legacy applications. But that brings a number of risks. Microsoft are attempting to mitigate one risk, insecure Jscript, with this new feature. However, I can't see many people firing up the registry editor themselves so this is probably one for the desktop support team to get to grips with...: [...] Additionally, before toggling off IE JScri
You don't need to be a 'Security Expert' nowadays to know that every major newsworthy event brings a surge in scams. As always, be careful out there and if you're responsible for the safety of others give them a reminder (or even training - something we sell, hint, hint)..: Security experts are warning of a deluge of phishing activity designed to capitalize on a major Amazon promotional event taking place this week.
There's a dynamic tension between the need to disclose what's happened, especially if personal information has been compromised which brings regulatory pressure, and the desire to put the fires out and investigate thoroughly before disclosure. Let's see how this one plays out...: [...] If I was heading up an organisation that had suffered a cyber attack and I had been hit by ransomware, I can see a scenario whereby I may not want the attack to become public knowledge. If, fo
2020 not been depressing enough for you already?...: [...] The Cyber Attack Predictive Index (CAPI) devised by computer science professor Anton Dahbura along with cybersecurity lecturer Terry Thompson and former undergraduate Divya Rangarajan provides a predictive analysis of nations most likely to engage in the surreptitious strategy waged with keyboards, code and destructive malware rather than soldiers, tanks and airplanes. “The site attempts to anticipate and predict