Cyber Security Archive
Published last week, the UK’s Cybersecurity Breaches Survey contains a number of interesting facts. Although it was not surprising that most organisations found that Covid-19 made cyber security harder, it was surprising that the vast majority of organisations still do …
DMARC is a technology that enables responsible organisations to ensure that their domains are not spoofed in phishing attacks. In today’s cyber crime environment, it should be a standard aspect of every organisation’s security configuration. DMARC, however, won’t protect organisations targeted …
Ransomware is not just a type of cyber attack – it is an entire eco-system of supply, facilitated by a legitimate economy that, inadvertently perhaps, keeps the ransomware show on the road: Inside the Ransomware Economy | SecurityWeek.Com. The challenge …
As Windows ships a massive 89 security patches (14 critical, 74 important), Adobe ships critical patches for its software (although it doesn’t think they’ll be exploited!), and WordPress reveals a critical vulnerability that allows a bad actor to completely take …
Ada Lovelace (1815 – 1852), daughter of Lord Byron, is increasingly and widely recognised as the first person to see that a calculating machine – such as Charles Baggage’s Analytical Engine – could be programmed to solve problems of any …
FBI reports for 2019 show BEC (Business email compromise) attacks generating far better returns for cyber criminals than ransomware. BEC attacks do not require the same level of technology or human resource as do ransomware attacks, nor do they generate …
The number of identified criminal gangs targeting Critical National Infrastructure had, by the end of 2020, increased to 15 – from just 5 in 2018. These gangs target Industrial Control Systems (ICS) and Operations Technology (OT) in the electric energy …
There are good reasons for retiring old, out-of-date software – particularly when the vendor is encouraging you to switch to its newer, more secure version. A number of large organisations – including the Reserve Bank of New Zealand, the University …
A different approach than the SolarWinds breach to deploying malware within legitimate software: purchase a legitimate app on, for instance, the Google Play store, infect it with malware, and then issue an update to its millions of users. By the …
The scale of the Solar Winds attack demonstrates the depth of resources available to some attackers: https://www.securityweek.com/many-solarwinds-customers-failed-secure-systems-following-hack?microsoft
