By now, you’ve all seen the headlines: Dropbox was breached well over four years ago and just now the true impact of that breach is coming to light: nearly 70 million accounts were impacted. That’s not a small number. But what’s even more interesting – and we’ve been warning companies about this for a while – is that this breach was apparently tied to a different, also very high-profile, breach. The Dropbox employee whose password was exploited in the...
Read more
No matter where you may be in the world, the email attachment is the most common means by which criminals deliver malicious code into your IT estate, allowing them to steal vital information, hold your organisation to ransom or wreak havoc within your enterprise. The global trend is that ransomware in particular is on the increase at an alarming rate. A report earlier this year identified that the first half of 2016 saw 172 per...
Read more
The threat of cyber-attacks is something with which many businesses are familiar. The sad truth is that they are not going to go away any time soon and, if anything, they are getting more sophisticated and more difficult to prevent. One of the most damaging is the ransom attack, in which an organisation’s data is compromised and only released on payment of a ransom. In a widely reported case, Sony Pictures’ internal network was taken...
Read more
Every day, and usually without organisations realising it, their networks are being breached. With confidential information exposed to the wrong eyes, secrets can become commodities capable of ruining well held reputations. We live in a world where network incidents are so common that no one can deny their existence. As attacks proliferate, problems mount. With the attack surface continually growing, more devices being plugged into networks, and growing volumes of data, the challenges for corporate...
Read more
It appears that this summer’s creature-catching craze has caught something of its own: ransomware. Any type of digital, cultural phenomenon like Pokémon Go is likely to be exploited by malware writers, so it’s no surprise that Pokémon Go is now a transmitter of the malicious code. Fun vs. fear Just last week we learned of Hitler ransomware, which, as I noted, leverages fear by using an offensive image as a way to drive irrational behaviour. Pokémon...
Read more
There is no network security technology more ubiquitous than the firewall. With nearly three decades of deployment history and a growing myriad of corporate and industrial compliance policies mandating its use, no matter how irrelevant you may think a firewall is in preventing today’s spectrum of cyber threats, any breached corporation found without the technology can expect to be hung, drawn, and quartered by both shareholders and industry experts alike. With the majority of north-south...
Read more
Despite Julian Assange’s promise not to let Wikileaks’ “radical transparency” hurt innocent people, an investigation found that the whistleblowing site has published hundreds of sensitive records belonging to ordinary citizens, including medical files of rape victims and sick children. The idea of having all your secrets exposed, as an individual or a business, can be terrifying. Whether you agree with Wikileaks or not, the world will be a very different place when nothing is safe....
Read more
Not a week goes by without a cyber-incident hitting the press. TalkTalk, Carphone Warehouse and Ashley Maddison are the most notable recently, but unless the response is handled correctly they will end up costing the victim far more than the perpetrator initially intended. The principles of responding to cyber incidents are no different to responding to any emergency or crisis but there are a few “gotcha’s” to look out for and a few simple steps...
Read more
Auriga, specialists in cyber security, technology and risk management, today warned that the time taken between detection and response, as evidenced in the Yahoo! data breach, is creating an open window of compromise. The Yahoo! data breach saw 500 million accounts compromised back in 2014 with the data then posted for sale on a dark web site called The Real Deal. Yahoo! only discovered the breach after investigating a separate incident in August and chose...
Read more
About two months ago, a Twitterer going by 0x2Taylor announced a sizeable data dump. More than 300,000 credit card records were uploaded to the file sharing service Mega; the data has since been removed from Mega, but not before it was widely downloaded by many interested parties. By some standards, 300,000 stolen records doesn’t sound very many these days. That’s a sad state of affairs, of course, caused by the daunting size of some high-profile...
Read more