I’ve followed Scott Helme’s work for a while now and have been impressed with his approach. So I was interested to find out that he had teamed up with BBC Click and Prof Alan Woodward to comprehensively dismantle a vendor’s claim to total security. Scott has published the whole story on his blog and The BBC Click […]

In between all the politics and memes on Twitter, you sometimes come across a genuinely interesting security conversation. My friend Quentyn Taylor, who happens to be a CISO, posted this tweet that generated a lot of great commentary. and for those infosec people who just say “upgrade all your legacy”…well someday you too may work […]

On 17 April (Monday) the strain, dubbed “BankBot”, was discovered in an application called “HappyTimes Videos” on Google’s Play Store. In addition, experts from Securify, a Dutch cybersecurity firm, recently found another infected app there, titled “Funny Videos 2017”. The Trojan is able to pose as legitimate services, mostly banks and financial institutions. However, once […]

The Intercontinental Hotels Group (IHG) has been forced to reveal yet another major data breach of customer card details over the latter part of 2016. In a lengthy missive on Friday, the group explained that an unspecified number of IHG hotels run as franchises were affected between September 29 and December 29 last year. via […]

Like Mirai, Hajime also scans the internet for poorly secured IoT devices like cameras, DVRs, and routers. It compromises them by trying different username and password combinations and then transferring a malicious program. However, Hajime doesn’t take orders from a command-and-control server like Mirai-infected devices do. Instead, it communicates over a peer-to-peer network built off protocols […]

A sharp spike in the number of health care data breaches was recorded in March with 39 incidents taking place compromising more than 1.5 million patient records. via 1.5 million records lost in March health care industry data breaches 1.5m records lost in March health care industry data breaches represents a rather unsettling trend. While […]

The ransomware is provided as a C++ source code, paired with the necessary PHP web server scripts and a payment panel. via CradleCore Ransomware Sold as Source Code | SecurityWeek.Com As if the world didn’t have enough troubles with vanilla ransomware. They went ahead and created ransomware as a service (RaaS). But now they’ve gone […]

“Customers should pay close attention (to) their own security and take security into consideration when selecting a service bureau and working with other third-party providers,” SWIFT, also known as the Society for Worldwide Interbank Financial Telecommunication, said in a press release published on its website. via SWIFT warns on vendor security after documents leaked by […]

Cyberattacks — “We had one of our top cyberattack experts at AP talk to us. They were unanimous that the word is greatly overused for things like hacking. We caution that the word cyberattack should be used only for significant and widespread destruction,” Froke said. via AP style for first time allows use of they as […]

What originally appeared to be one of the most damaging releases in recent memory of “zero-day” exploits, or hacking tools that take advantage of previously unknown software vulnerabilities, fell from the sky with the shrieking ferocity of a MOAB bomb and landed with the soft thud of a dud. via Microsoft’s Quiet Patch of Shadow […]

Last Friday night, as midnight approached, someone managed to trigger the emergency siren system used by the city of Dallas for tornado warnings and other emergencies. And that someone managed to keep the alarms in action for 95 minutes—even after emergency services workers shut them off. The entire system had to be shut down. via Pirate […]

I’ve been reading up on GDPR lately and frequently use mind maps to organise my thoughts. So, I thought I’d share the interactive mind map I created for GDPR with its 11 chapters, 99 articles and 187 recitals. Let me know if I’ve missed anything or should amend for clarity.

There’s a lot going on in the world about governments snooping on citizens, and hacker groups trying to gain control over your Facebook. While these are genuine concerns, it probably shouldn’t be the biggest worry for most citizens. It is always easier to point the finger at a boogeyman, and blame all your woes on […]

Hackers are everywhere, but they’re not content with just hacking into banks and stealing the money. They are after you too. Once they get access to your Facebook or email account, they can read all your private messages, send out rude messages that claim to be from you, and generally ruin your life. Often they […]

Why should we be concerned about the successful SHA-1 collision attack that was recently demonstrated by Google researchers? I take a look at encryption, cryptographic hashing, and why this attack is a big deal.

New York-based Flashpoint was founded in 2010, and has evolved its mission to comb the dark web to provide business risk intelligence to help organizations mitigate risk across the enterprise. The company is headed up by CEO Josh Lefkowitz, with Evan Kohlmann and Josh Devon serving as chief innovation officer, and chief operating officer respectively. […]

Today is the last Alien Eye in The Sky episode for 2016, so rather than just recapping the week, we thought we’d take a look at what’s transpired over the course of 2016. To be honest, I underestimated the huge task at hand, and after researching several hundred breaches, decided that it was better to […]

Network security is a major concern for both enterprises and individuals. With threats seemingly around every corner, we focus much of our energy on awareness and mitigation, such as firewalls. Well, sometimes. It’s not always this simple. Setting up a suitable firewall becomes far more of a challenge the more systems there are in a […]

Another week, another set of impactful, bizarre, and interesting security stories. We tried something interesting this week, rather than focusing on a few stories in the video and posting links to others, we’ve crammed them all into one action-packed episode! Stories covered: Toyota dealer sued for stealing intimate photos off couple’s smartphone […]

Every so often, a report gets presented which looks like it was written by the work experience student that was employed by the intern. So what’s the best way to respond? I went on Twitter to ask the opinion of folk who have to deal with this kind of thing on a regular basis, and […]