Browser in the Browser (BitB) attack: Visually perfect phishing

Criminals are constantly coming up with novel techniques to launch attacks and there’s a new phishing technique available to them that’s a terrifyingly convincing.  Users have been told for years to double check domain names, look for padlocks to confirm encryption is enabled and that using SSO (Single-Sign On) services is a good thing –…

Read more

Active Security Shield Hat

UPDATE: This is an April Fools’ Day joke – please do not contact us to order your asshat. Finally, your cyber security woes can be solved fashionably with the latest product from Seguro Ltd, the Active Security Shield Hat. Not only does this highly desirable piece of headwear look great, it sports a discrete active…

Read more

ISO 27001 Update Due

As anyone who has worked with ISO standards know, they can be a great tool in the right hands and ISO 27001 (the information security management standard) is no different. In the fast-changing world of information security however, some elements of the standard and it’s controls have dated and do not quite align with modern…

Read more

Tech minimalism & Living off the Land

IT technicians and support providers have long advised that users remove any applications they don’t need and never install any without good reason. Historically the reasoning was that it was to improve performance and reduce the impact of buggy software and conflicts. While the historic reasoning is still valid, stripping applications and keeping operating systems…

Read more

MFA: What it is and what it’s not

When a user ‘logs on’ to a system or application with a username and password, they are going through the process of authentication – literally verifying that the login is ‘authentic’. Unfortunately, an authentication system based on two pieces of text (username and password) is only as strong as the security of the pieces of…

Read more

Sudo Vulnerability found affecting

A vulnerability has been discovered in the Sudo linux utility that can allow any users (even those with relatively low privileges) so execute commants with root privileges – a simple and immediately ‘privilage escalation’. The most worrying thing is that this vulnerability is vintage, starting to appear in a version of sudo rolled out as…

Read more

Social Engineering Explained

Social engineering is the term used to describe manipulating others in to providing or doing things on your behalf.  In popular culture, it is most commonly associated with cyber criminals but in reality many of the techniques used are similar to those used by confidence artists (“con artists”) for decades. Given then the widespread use…

Read more