I am often asked how threat actors get their malicious packages past both the latest technical monitoring and a well-trained staff. The quick answer is the hackers are always looking for and changing to new attack vectors – such as this one: MalDoc in PDFs: Hiding malicious Word docs in …
The wrong way to manage security patches…
…let the UK Government scrutinise your security patches before you are allowed to publish them to your vulnerable customers! Sounds like a bad dream. Read on. Security Patches are Important Alarm surrounds a clause in the UK’s Investigatory Powers Act. According to the proposed legislation, tech firms will be mandated …
Continue reading “The wrong way to manage security patches…”
Another Police Force with a Data Leak
Following the data loss and breach at the Police Service of Northern Ireland (PSNI) and the Norfolk and Suffolk Police forces, the London Metropolitan Police has reported a data breach. Met Police investigating suspected data breach – BBC News An investigation is underway at one of its suppliers into unauthorised …
Another Council with Ransomware
St. Helens Metropolitan Borough Council has reported a ransomware attack and is working with authorities to investigate and deal with the issues. Details are not available yet of any data theft of citizen’s information or extortion but it has had an impact on the council services St Helens Council still …
Catching up with the CISA Security Advisories
Whilst I have been away my team have been keeping up with security advisories that have impacted our clients. The vendors are the primary sources for my team but they also use the US government Cybersecurity and Infrastructure Security Agency (CISA) alerts and the Known Exploited Vulnerabilities Catalog. Let’s catch …
Continue reading “Catching up with the CISA Security Advisories”
