Browser in the Browser (BitB) attack: Visually perfect phishing

Criminals are constantly coming up with novel techniques to launch attacks and there’s a new phishing technique available to them that’s a terrifyingly convincing.  Users have been told for years to double check domain names, look for padlocks to confirm encryption is enabled and that using SSO (Single-Sign On) services is a good thing –…

Read more

Tech minimalism & Living off the Land

IT technicians and support providers have long advised that users remove any applications they don’t need and never install any without good reason. Historically the reasoning was that it was to improve performance and reduce the impact of buggy software and conflicts. While the historic reasoning is still valid, stripping applications and keeping operating systems…

Read more

SolarWinds Supply Chain Breach: The Worst in History?

SolarWinds touts its Orion enterprise monitoring software as providing a single pane of glass solution, that has quickly turned in to a single glass of pain. A sophisticated supply chain attack against the product has resulted in at least one – and almost certainly hundreds more – high profile breaches, including FireEye, a respected cyber…

Read more