Cybersecurity Starts in the Boardroom
This post was first published on 31 August 2022 Update 5 October 2022 The cost of this attack – to the local taxpayer – is now predicted to be £1m. Russia-linked cyber attack could cost Gloucester City Council £1m – BBC News “Every time I ask the question about the …
Continue reading “This cyber attack has still not been fixed… UPDATE”
Steganography When we were looking at steganography cyber attacks – hiding malicious code inside for instance image files – I was surprised just how much malware could be hidden without degrading the image. Here is a real-world example of this rare type if attack, spy are code embedded in a …
PuTTY, KiTTY and Sumatra PDF Reader – I did my due diligence before installing these – and now they have been targeted by ZINC, a state-sponsored group operating out of North Korea. ZINC weaponizing open-source software – Microsoft Security Blog Before writing this blog post I had checked my system …
Continue reading “Here is some of the open-source software I use – and it has all been targeted!”
Black Lotus Labs has discovered a new strain a malware, they are calling it Chaos. The new is very telling – the malware is infecting a wide range of devices and servers, Linux, Windows, small office routers etc. One of the servers infected was hosting an instance of GitHub, bringing …
When a threat actor compromises the coding of software the problems can be widepread – the SolarWinds attack and subsequent distribution of the infected software through legitimate update channels is a classic example. (Ironic but the SolarWinds customers who avoided the attack, were those with a poor cyber security stance …
Continue reading “Back to the supply chain and software compromise”
