MFA Fatigue and the resilience of phishing

As we discussed last month, while MFA is a great layer of protection it is not full-proof, something which UBER discovered recently much to it’s dismay. As ever in fraud and ‘cons’, sometimes the simplest methods are the most effective.  While there has been a rise in advanced Phishing as a Service (PhaaS) offerings that aim…

Read more

Chinese cyber criminals are targetting Intellectual Property (IP)

While many cyber security attacks are driven by criminal organisations looking to make a pay day, the APT41 hacking groups – who allegedly have close ties to the People’s Republic of China (PRC) government – have been running a sophisticated campaign targeting manufacturing, research and development firms.  Their aim?  To make off with intellectual property…

Read more

There are no silver bullets

An article today by TechRadar about a new Phishng-as-a-Service with MFA bypass as a key selling point reminded me of something from a few years back, I was at a security event and attending a presentation by a reputable cyber security form on social engineering. Towards the end of the presentation they began summarising some…

Read more

Tech companies announce Open Cybersecurity Schema Framework

A consortium of security and technology companies announced the development of an open source data interchange standard this week at the BlackHat 2022 event in Las Vegas. The standard – which currently has its home on GitHub – is called the Open Cybersecurity Schema Framework and aims to allow for simpler data movement between security…

Read more

ISO 27001 Update Due

As anyone who has worked with ISO standards know, they can be a great tool in the right hands and ISO 27001 (the information security management standard) is no different. In the fast-changing world of information security however, some elements of the standard and it’s controls have dated and do not quite align with modern…

Read more

MFA: What it is and what it’s not

When a user ‘logs on’ to a system or application with a username and password, they are going through the process of authentication – literally verifying that the login is ‘authentic’. Unfortunately, an authentication system based on two pieces of text (username and password) is only as strong as the security of the pieces of…

Read more

Social Engineering Explained

Social engineering is the term used to describe manipulating others in to providing or doing things on your behalf.  In popular culture, it is most commonly associated with cyber criminals but in reality many of the techniques used are similar to those used by confidence artists (“con artists”) for decades. Given then the widespread use…

Read more

Remote iPhone Hack

Ian Beer of Google’s Project Zero recently posted an article describing a vulnerability in iPhones allowing for a remote explotation, a simple video he posted on YouTube really demonstrates the terrifying scope of this vulnerability.  In it 26 iPhones of various types are laid out on the flaw with a laptop in shot with some additional…

Read more