A consortium of security and technology companies announced the development of an open source data interchange standard this week at the BlackHat 2022 event in Las Vegas. The standard – which currently has its home on GitHub – is called the Open Cybersecurity Schema Framework and aims to allow for simpler data movement between security…
Criminals are constantly coming up with novel techniques to launch attacks and there’s a new phishing technique available to them that’s a terrifyingly convincing. Users have been told for years to double check domain names, look for padlocks to confirm encryption is enabled and that using SSO (Single-Sign On) services is a good thing –…
When a user ‘logs on’ to a system or application with a username and password, they are going through the process of authentication – literally verifying that the login is ‘authentic’. Unfortunately, an authentication system based on two pieces of text (username and password) is only as strong as the security of the pieces of…
Social engineering is the term used to describe manipulating others in to providing or doing things on your behalf. In popular culture, it is most commonly associated with cyber criminals but in reality many of the techniques used are similar to those used by confidence artists (“con artists”) for decades. Given then the widespread use…
Ian Beer of Google’s Project Zero recently posted an article describing a vulnerability in iPhones allowing for a remote explotation, a simple video he posted on YouTube really demonstrates the terrifying scope of this vulnerability. In it 26 iPhones of various types are laid out on the flaw with a laptop in shot with some additional…
SolarWinds touts its Orion enterprise monitoring software as providing a single pane of glass solution, that has quickly turned in to a single glass of pain. A sophisticated supply chain attack against the product has resulted in at least one – and almost certainly hundreds more – high profile breaches, including FireEye, a respected cyber…
