I am often asked how threat actors get their malicious packages past both the latest technical monitoring and a well-trained staff. The quick answer is the hackers are always looking for and changing to new attack vectors – such as this one: MalDoc in PDFs: Hiding malicious Word docs in …
The wrong way to manage security patches…
…let the UK Government scrutinise your security patches before you are allowed to publish them to your vulnerable customers! Sounds like a bad dream. Read on. Security Patches are Important Alarm surrounds a clause in the UK’s Investigatory Powers Act. According to the proposed legislation, tech firms will be mandated …
Continue reading “The wrong way to manage security patches…”
Hardware the overlooked cyber security risk
Just last week we had to intervene when a client was going to donate their redundant computers to a charity. We ran our disposal procedure over them before we let them go. Then I saw this in the tech news: Canon warns of Wi-Fi security risks when discarding inkjet printers …
Continue reading “Hardware the overlooked cyber security risk”
Defence-in-Depth – The Next Step
Yesterday I wrote the opening chapter of this defence-in-depth article – I looked at how anti-virus protection can be side-stepped by threat actors and that staff cyber awareness training is needed to provide another layer to your defences. That was a human addition to your defence-in-depth and today we are …
NHS Trusts hit by a cyber attack on a software vendor
Ortivus is a Swedish based provider of cloud based software for the health industry. Since 18 July it has been investigating a cyber security incident which has impacted a number of its services. These include the patient and transport information solution used by South Western Ambulance Service Trust and South …
Continue reading “NHS Trusts hit by a cyber attack on a software vendor”
