Exploiting browser password logins

The cool researchers over at Freedom to Tinker found two scripts that exploit browsers' built-in login managers to retrieve and exfiltrate IDs. Below is the email I sent, and the reply from OnAudience. The script that OnAudience uses can be found here. If you have time, check out this tweet thread between […]

Threatcare secures $1.4m seed funding

Threatcare has announced a $1.4m seed round led by Moonshots Capital and including Flyover Capital and Firebrand Ventures. The Austin-based company was founded in 2014 by CEO Marcus Carey. Its flagship product, Violet, is a SaaS-based offering that enables continuous security validation through attack simulations. For many security departments, the question they are often faced […]

Meltdown

If everyone and their dog is talking about Meltdown and Spectre, then it would be negligent of me to not keep up with all the cool kids. Website for the vulnerabilities: Meltdown Attack; Google Project Zero blog; NCSC’s advice; Linus Torvalds statement

Security Terminology

Work in one industry for long enough and you end up speaking an entirely different language altogether. This isn’t necessarily a bad thing; in many cases it’s convenient and allows rapid communication amongst peers. However, in information security we need to be mindful when communicating with non-security, or even non […]

Welcome to 2018

I thought I’d kick off the new year by poking around the news stories, surely not much could have happened. But quite a lot did unfortunately. In the video are the top 3 stories or headlines that caught my attention, but more importantly, I think we should make a pact to stop using these buzzwords […]

Analyst Vendor Briefings

Fuelled by a Twitter conversation, both Adrian Sanabria and Anton Chuvakin posted articles here and here, sharing some good tips on what makes a good briefing and common pitfalls to avoid. As a former (recovering?) analyst, I thought it only right that I jump on the bandwagon and share my thoughts on the topic. What […]

Thales splashes out $5.7bn for Gemalto

M&A in the infosec world has waited for the holiday season to go all out splashing its cash. A flurry of activity has occurred at the tail end of the year with considerable consolidation. Proving that encryption and identity management is no slouch, Thales has made an eye-watering bid of $5.7bn to acquire Gemalto, a […]

A tale of two public companies

Infosec companies don’t always get the love they deserve from the markets once they IPO. As Barracuda Networks discovered despite posting respectable profitable growth. PE firm Thoma Bravo stepped in, paying $27.55 per share for Barracuda in a $1.6bn move taking it private. The market can be unforgiving, even when a company like Barracuda is […]

Infosecurity Magazine look back over the year

Honoured to be the guest editor for Infosecurity Magazine yesterday. It was a day of fun which involved several things: 1. The announcement was made, which included this video 2. I took over their Twitter account for an hour (brave of them) 3. I submitted a guest editorial 4. Had a Q&A with the real […]

The attitudes of credential sharing

My staff log onto my computer on my desk with my login every day. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Green's desk was accessed and therefore it was Green is utterly preposterous!! — Nadine Dorries (@NadineDorries) December 2, 2017 This tweet by member […]