training | Smart Thinking Solutions

26 April 202226 April 2022

Lapsus$ hits T-Mobile

T-Mobile is the latest in a string of high profile organisations targeted by the Lapsus$ gang. It is reported this time that they stole valuable source code. T-Mobile hit by data breaches from Lapsus$ extortion group | TechRepublic The operation appears to have originated with a social engineering attack directed …

Continue reading “Lapsus$ hits T-Mobile”

26 April 202226 April 2022

Theft via Instagram – just promise something “to good to be true”

Social Engineering and Email Cyber Security Training

Nothing complicated about this – a simple scam, abusing people’s trust to net $3m. Send a message, pretend to be someone you are not, provide a malicious link and promise the victim something “free”. Crooks steal NFTs ‘worth $3m’ in Bored Ape Yacht Club heist • The Register It could …

Continue reading “Theft via Instagram – just promise something “to good to be true””

25 April 202223 April 2022

Zero-day security vulnerabilities exploited in 2021 – UPDATED 25 4 2022

Magnifying glass looking for a zero-day attack

This post was first made on 22 April 2022 I regularly write about the issues around the zero-day vulnerability and our Social Engineering and Email Cyber Security Training course aims to equip individuals and organisations to meet the challenge that the zero-day poses. Google’s Project Zero has reported on it’s …

Continue reading “Zero-day security vulnerabilities exploited in 2021 – UPDATED 25 4 2022”

25 April 202225 April 2022

Anatomy of a phishing email attachment – this is why we are always running training

SANS Internet Storm Centre has a couple of blog posts looking at the mechanics of a Word document and a PDF both of which are malicious payloads in a phishing email. This is what you are up against! Analyzing a Phishing Word Document – SANS Internet Storm Centre Simple PDF …

Continue reading “Anatomy of a phishing email attachment – this is why we are always running training”

22 April 202222 April 2022

Yes people do track a top ten for malware. Do you want to know what the #1 is?

It’s Emotet – this is obviously where the cyber-criminals are making their money. Emotet reestablishes itself at the top of the malware world • The Register Emotet is operated by an operation called Cryptolaemus, and they have been developing the code to bring the malware back after it had been …

Continue reading “Yes people do track a top ten for malware. Do you want to know what the #1 is?”

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.