When we undertake any cyber security survey and ask about software, we know the greatest amount of work we will have to do is when the client says “we had this written for us” or “we use this open source software”. (We will not get into Android apps or …
Email scams – how hard is it to spot them?
This was going to be a “weekend read” but I thought it was important enough to be part of the main news feed. For an email phishing scam to work it has to, in some way, make you trust it. This exploitation of your trust is called social engineering and …
Air-gapped systems used to be among the most secure IT systems – but they may not be anymore…
An air-gapped system is designed to be very secure. It is not connected to any other system, network or internet – literally a physical gap between it and the rest of the IT world. If it is not connected, then threat actors cannot connect to it. Mordechai Guri, from Ben-Gurion …
Anonymous browsing – not anymore
Researchers from the New Jersey Institute of Technology have written a paper, which they will present at the Usenix Security Symposium in Boston, demonstrating how threat actors (or governments or law enforcement) could de-anonymise users from their browsing habits. The attackers would analyse browsing activity and state to determine …
The Rolling Pwn Attack – Honda drivers beware! UPDATED
Here is another research paper outlining how the wireless security car manufacturers are using to secure our vehicles is woefully inadequate. The vulnerability often comes from the technology being used, having been developed for another task altogether. This time it is Honda – check to see if your car is …
Blockchain security
Often it is the online processes around blockchain and crypto-currencies that are exploited by the threat actors, not the blockchain itself – which remains secure. Following a year of research, a report by Trail of Bits, commissioned by the US Government Defense Advanced Research Projects Agency (DARPA) shows that the blockchain …
Google Threat Assessment Group tackles smartphone malware
This is a follow-up to last week’s story: New commercial spyware for phones – Smart Thinking Solutions. This is Google describing how they countered the Hermit smartphone malware and discussing their Project Zero for countering zero-day threats. Spyware vendor targets users in Italy and Kazakhstan (blog.google). Your best defence against …