Antivirus (AV) is a commonly relied upon security control. But it’s worth remembering that there’s nothing inherently “hack-proof” about this type of software. After all, no program (AV included) is immune to outside attack!That said, if you can run your
If a direct attack on a particular network isn’t viable, then what’s the hacker’s next move? In many instances, it’s a case of going upstream: i.e. identifying an application trusted by the target – and using that software as a backdoor means of malware
It’s versatile, it works on a minimum of code - and it’s also relatively easy to put to work: three factors which go a long way in explaining why Python is currently being touted as the “world’s most popular coding language”.Black hat hackers are drawn to
We’ve been reminded that when it comes to malware delivery, threat actors tend to prefer tried and tested methods.A recent roundup from Cofense Intelligence included a breakdown of malware loaders analysed by volume for the month of August 2018. It found that
A business merger or restructure can leave existing Internet domains suddenly surplus to requirements. So what’s the harm in simply allowing them to expire? Recent research highlights the perils of letting old domains slip out of your control…Domain registry
Most enterprises have suffered at least one data breach through their printers. Meanwhile, researchers have recently highlighted the fact that many 3D printers are routinely being exposed online without any adequate access controls.Here’s the problem: too many
For any cyber security specialist who’s due a pay review, recently published threat reports make worthwhile reading. The latest annual roundup from FireEye confirms the Cyber Security Skills Gap as one of the biggest risks facing businesses. Specialists in
EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails. (UPDATE - This attack targets buggy email clients.)The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME
Listen (above) to my interview on the Secure Talk podcast where I discuss career advice for aspiring and existing cyber security professionals. Talk about security education, share my thoughts on the industry, credentials, certifications, advanced
The U.S. Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) have today issued a joint Technical Alert about malicious cyber activity carried out by the Russian government. To
Another promising DNS resolver with a security and privacy focus is the new free offer from Cloudflare called 1.1.1.1.Olafur Gudmundsson, director of engineering at Cloudflare, said: “Our goals with the public resolver are simple: Cloudflare wants to operate
Heads up about 13 vulnerabilities within AMD’s RYZEN and EPYC processors that could make some data breaches even worse. Note requires attackers to first gain administrative rights on a targeted network or computer.CTS Labs, a Tel Aviv-based security
As many of you are students I wanted to recommend this great new book: 'The Student Hustler'This book takes the reader through a journey of advice, guidance and anecdotes from the author (aka the Student Hustler) covering creative ways to make extra money
I'm working with Barclays PLC on a UK FinTech competition. This gives you a chance to get virtual coaching from me and to possibly win a share of £5,000.Barclays PLC has established itself at the forefront of development in financial technology (FinTech).
SABSA stands for the Sherwood Applied Business Security Architecture, and is a leading methodology for developing business operational risk and opportunity-based architectures. It provides a framework for developing risk driven enterprise information security
I recommend this tool if you want to check if your Windows machines are susceptible to the Spectre and Meltdown vulnerabilities. Bonus - It also checks the performance hit too of any applied fixes!“InSpectre” is an easy to use & understand utility
For the first time, we’re about to see in place a Europe-wide regime governing critical infrastructure cybersecurity. Here’s what you need to know about the Network and Information Security (NIS) Directive …The NIS Directive - what’s it all about?Affecting the
In reference to Windows security updates released January 3, 2018, and antivirus software.Microsoft customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities