As we discussed last month, while MFA is a great layer of protection it is not full-proof, something which UBER discovered recently much to it’s dismay. As ever in fraud and ‘cons’, sometimes the simplest methods are the most effective. While there has been a rise in advanced Phishing as a Service (PhaaS) offerings that aim…
A consortium of security and technology companies announced the development of an open source data interchange standard this week at the BlackHat 2022 event in Las Vegas. The standard – which currently has its home on GitHub – is called the Open Cybersecurity Schema Framework and aims to allow for simpler data movement between security…
Information security risk management is the process of identifying vulnerabilities to your information assets that could impact their confidentiality, integrity or availability along with the threats that could exploit those vulnerabilities – together these define the risk. The next step is to evaluate the risk to determine its severity, usually by considering the impact if…
Criminals are constantly coming up with novel techniques to launch attacks and there’s a new phishing technique available to them that’s a terrifyingly convincing. Users have been told for years to double check domain names, look for padlocks to confirm encryption is enabled and that using SSO (Single-Sign On) services is a good thing –…
As anyone who has worked with ISO standards know, they can be a great tool in the right hands and ISO 27001 (the information security management standard) is no different. In the fast-changing world of information security however, some elements of the standard and it’s controls have dated and do not quite align with modern…
IT technicians and support providers have long advised that users remove any applications they don’t need and never install any without good reason. Historically the reasoning was that it was to improve performance and reduce the impact of buggy software and conflicts. While the historic reasoning is still valid, stripping applications and keeping operating systems…
When a user ‘logs on’ to a system or application with a username and password, they are going through the process of authentication – literally verifying that the login is ‘authentic’. Unfortunately, an authentication system based on two pieces of text (username and password) is only as strong as the security of the pieces of…
Social engineering is the term used to describe manipulating others in to providing or doing things on your behalf. In popular culture, it is most commonly associated with cyber criminals but in reality many of the techniques used are similar to those used by confidence artists (“con artists”) for decades. Given then the widespread use…
