Overview Email is still one of the primary ways we communicate, both in our personal and professional lives. However, quite often we can be our own worst enemy when using email. Here are th… Read More

Cyber criminals now have a wealth of information on almost all of us. With so many organizations getting hacked, cyber criminals simply purchase databases with personal information on millio… Read More

The New York Times The Wall Street Journal The Washington Post BBC The Economist The NewYorker The Associated Press Reuters Bloomberg News Foreign Affairs The Atlantic Politico Read more… Read More

Talent is the most important part of cyber-crisis preparedness. 1. Talent & planning The most essential component of cyber resilience (and cyber-crisis readiness specifically) is to hav… Read More

If your doing any of these 3 (and you probably are) you need to fix them ASAP. Use of unsupported (or end-of-life) software in service of Critical Infrastructure and National Critical Func… Read More

First part of the Tip: Don't do what is pictured above. EVER! So password Tips, Don't write down your password anywhere. Don't save your password in a file, word or anything like that. S… Read More

Two of the most consequential control system cyber events (attacks) in 2020 were supply chain attacks. The first event was the Chinese installing hardware backdoors in large electric transfo… Read More

If you’ve ever emailed a resort in Fiji or Vanuatu about that long-awaited holiday, it’s likely your email travelled through an undersea internet cable. Such cables carry much of… Read More

We live, to borrow a phrase, in interesting times. The pandemic aside, relations between the superpowers are tense. The sudden arrival of the new AUKUS security agreement between Australia… Read More

Risk managers in South Africa must suffer perpetual headaches these days. There is a crammed list of risk management priorities to constantly monitor. These include variable water and electr… Read More

A new law gives Australian police unprecedented powers for online surveillance, data interception and altering data. These powers, outlined in the Surveillance Legislation Amendment (Identif… Read More

Overview Does it seem like cyber criminals have a magic wand for getting into your email or bank accounts and there’s nothing you can do to stop them? Wouldn’t it be great if th… Read More

In order to circumvent network protection tools, cybercriminals may forge a TCP session more efficiently by submitting a bogus SYN packet, a series of ACK packets, and at least one RST (rese… Read More

Similarly to NTP, the Character Generator Protocol (CHARGEN) is an oldie whose emergence dates back to the 1980s. In spite of this, it is still being used on some connected devices such as p… Read More

Malefactors can exploit networked devices running Universal Plug and Play (UPnP) services by executing a Simple Service Discovery Protocol (SSDP) reflection-based DDoS attack. On a side note… Read More

Tasked with harvesting and arranging data about connected devices, the Simple Network Management Protocol (SNMP) can become a pivot of another attack method. Cybercriminals bombard a target… Read More

When executing an HTTP Flood DDoS attack, an adversary sends ostensibly legitimate GET or POST requests to a server or web application, siphoning off most or all of its resources. This techn… Read More

To perpetrate this attack, a malicious actor requests an array of web pages from a server, inspects the replies, and iteratively requests every website item to exhaust the server’s res… Read More

Also referred to as Ping Flood, this incursion aims to inundate a server or other network device with numerous spoofed Internet Control Message Protocol (ICMP) echo requests or pings. Having… Read More

Instead of using spoofed IP addresses, this attack parasitizes legitimate client computers running resource-intensive applications such as P2P tools. Crooks reroute the traffic from these cl… Read More

This one is carried out by sending a slew of packets containing invalid IPv4 headers that are supposed to carry transport layer protocol details. The trick is that threat actors set this hea… Read More

ReDoS stands for “regular expression denial-of-service.” Its goal is to overburden a program’s regular expression implementation with instances of highly complex string sea… Read More

Originally designed as a network stress testing tool, LOIC can be weaponized in real-world DDoS attacks. Coded in C#, this open-source software deluges a server with a large number of packet… Read More

HOIC is a publicly accessible application that superseded the above-mentioned LOIC program and has a much bigger disruptive potential than its precursor. It can be used to submit a plethora… Read More

This attack stands out from the crowd because it requires very low bandwidth and can be fulfilled using just one computer. It works by initiating multiple concurrent connections to a web ser… Read More

A successful Smurf or Fraggle attack can cripple your servers for hours, or even days. A Smurf or Fraggle attack could be a cover-up for something much worse. You could be assisting A Smur… Read More

1. SYN Flood This attack exploits the TCP three-way handshake, a technique used to establish any connection between a client, a host, and a server using the TCP protocol. Normally, a client… Read More

Russian intelligence services worked with prominent ransomware gangs to compromise U.S. government and government-affiliated organizations. Read the Full Analyst at https://analyst1.com/fil… Read More

A network of 65 Facebook accounts and 243 Instagram accounts was traced back to Fazze, an advertising and marketing firm working in Russia on behalf of an unknown client. One claimed AstraZ… Read More

T mobile Hacked, how did they find out? the Public told them. The Worst possible way to find out you were hacked. Your system were breached so well you didn't even notice the hack. If yo… Read More

Zoom does not comply with GDPR. It violates the General Data Protection Regulation (GDPR), as such use is associated with the transmission of personal data to the USA. In this third countr… Read More

Read more at Woods LLP Read More

What do cyberspace and outer space have in common? As we make clear in a new report to the Department of Defence, both are new frontiers for national security that blur traditional ideas abo… Read More

Whether it’s those wacky kids and their talking Great Dane, a costumed and genetically enhanced savior, or simply just intrepid journalists, extrajudicial surveillance and the use of i… Read More

China has enjoyed tremendous economic growth over the last thirty years and is on course to remain a key growth engine for the world’s economy. This economic success has enabled China… Read More

Overview You may have heard of a concept called “the cloud.” This means using a service provider on the internet to store and manage your data. Examples include creating document… Read More

Connected IoT devices and smart solutions are quickly expanding into every industry and aspects of our lives, and the numbers back this up. By 2025, it has been predicted that 75 billion IoT… Read More

Over the last 18 months, the digitalisation of public and private services has accelerated like never before. Due to limitations on physical contact and lockdowns around the globe, citizens… Read More

Cyberattacks are on the rise, impacting people, systems, infrastructures and governments with potentially devastating and far-reaching effects. Most recently, these include the massive REvil… Read More

Cybersecurity breaches are on the rise, particularly in the wake of the COVID-19 pandemic. Effective collaboration between private and public sector leaders is key to ensuring a nation is… Read More

Governments and criminals are not the only ones that "hack". When security is so weak you can just google up a program that hacks it for you any one can hack. So with that the Press will… Read More

If you run software from Elekta you might have been hacked back in April. And there was no public announcement. You a Cancer patient? did you have "radiation" therapy? You could have… Read More

Why would China hack you? you don't have anything to steal right? Well you do have one thing that china wants desperately. You have an IP and Bandwidth in the United States. So when Chin… Read More

Just in the last week it has come out that no matter how good a friend you are to china (Cambodia for example) doesn't mean China won't attack you. Chinese hackers stole data on the Me… Read More

TPCA is many things to many people. One it is the National Do not Call list. Another it is the SMS Compliance law, Text Spam Like spam emails, spam texts are any unwanted messages sent f… Read More

George Orwell in 1945, shortly after Victory in Europe that ended world war 2 in Europe, predicted the Cold War that "officially" ran from 1947-1991. This wasn't generally accepted until… Read More

The world’s most sophisticated commercially available spyware may be being abused, according to an investigation by 17 media organisations in ten countries. Intelligence leaks and fore… Read More

Washington and Moscow are engaged in a war of words over a spate of ransomware attacks against organisations and businesses in the US and other countries. These increasingly sophisticated cy… Read More

I hear this almost daily... "We don't want the UN" or "We don't want the WTC" or "we don't want ...." because they are not elected. To all those people, the Supreme court of the United S… Read More

For nearly two years, 68 United Nations member states — along with private enterprises, non-governmental organizations, technical communities and academics — participated in an o… Read More

Today’s multi-country condemnation of cyber-attacks by Chinese state-sponsored agencies was a sign of increasing frustration at recent behaviour. But it also masks the real problem &md&hell…Read More

If you have a Firewall, Antivirus and your looking where your efforts should go on increasing your corporate Security look no future than Phishing! 37% the highest concentrations of securit… Read More

Several years ago, creating a cybersecure home was simple; most homes consisted of nothing more than a wireless network and several computers. Today, technology has become far more complex a… Read More

Cybersecurity governance refers to the component of an organization's governance that addresses their dependence on cyberspace in the presence of adversaries. The ISO/IEC 27001 standard, fro… Read More

Dale Peterson says let’s not continue to wave our hands about the use of Cryptography in the lower layers of control systems. I agree. He’s proposing that we build on Cryptograph… Read More

Overview Mobile devices are an amazing and easy way to communicate with friends, shop or bank online, watch movies, play games, and perform a myriad of other activities. Since these devices… Read More

To help explain this innovation in payment technology, we’ve answered your top five questions on biometric cards from our recent webinar: Q1: What will be the main method of fingerprin… Read More

SolarWinds, the company at the center of a supply chain attack that compromised nine US agencies and 100 private companies, is scrambling to contain a new security threat: a critical zero-da… Read More

You may have heard the term thrown around online, or stumbled across a forum thread about Scambait tactics and ideas. This vigilante world of ordinary citizens fighting back against scamming… Read More

Fraud has reached “epidemic” levels in the UK over the past 12 months, costing up to £190 billion a year and constituting what the Royal United Services Institute has calle… Read More

Over the past few years, tensions have been rising between Russia and the United States — not in conventional military terms, but in cyberspace. The issue came to a head at this month… Read More

US President Joe Biden and Russian President Vladimir Putin discussed cybersecurity at their summit in Geneva, Switzerland, on 16 June. This discussion elevated the importance of cybersecur… Read More

Overview You may have heard of a new law called GDPR, or the General Data Protection Regulation. This law was developed by the European Union and takes effect 25 May 2018. It applies to any… Read More

Chances are you’ve seen a Hollywood film where criminals manage to access biometric security systems using basic spoof attacks such as gelatin-made fingerprints and fake irises. For ex… Read More

The COVID-19 pandemic has accelerated our transition towards an increasingly digital world. Now, thanks to lockdowns and remote working, people are realising, for example that meetings, whic… Read More

The following is the invitation from the US Air Force Cyber College: Please join the US Air Force Cyber College for a Virtual Cyber Seminar featuring Mr. Joe Weiss, Managing Partner, Applie… Read More

Small and medium enterprises (SMEs) constitute 99% of businesses in the EU and face diverse cybersecurity challenges including low management awareness and commitment; In a time of heighte… Read More

Overview When you think of cyber criminals, you probably think of an evil mastermind sitting behind a computer launching sophisticated attacks over the Internet. While many of today’s… Read More

Traditional commercial general liability and property insurance policies typically exclude cyber risks from their terms, leading to the emergence of cybersecurity insurance as a “stand… Read More

Writings on Chinese cyber operations tend to focus on cyber espionage and the stealing of state secrets for China’s military modernisation. Comparatively in discussions of cyber operat… Read More

Jake Brodsky shared an article about another water utility incident and went on to write a blog about it ( https://scadamag.infracritical.com/index.php/2021/06/17/yet-another-water-plant-at… Read More

A woman contacts her bank to take out a mortgage on her first house. A group of teenagers excitedly buy tickets to see their favourite musician who is touring through their town. A father si… Read More

Leading crypto banks such as BlockFi and Nexo are attracting a lot of attention. Customers can earn an APY (annual percentage yield) of up to 12%, dwarfing high-street savings accounts, whos… Read More

Read more at Woods LLP Licensed from http://www.securitycartoon.com/index.php?comic=20071001&tag=fightback&last= Read More

You may have seen a story in the news recently about vulnerabilities discovered in the digital forensics tool made by Israeli firm Cellebrite. Cellebrite's software extracts data from mobile… Read More

Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and every… Read More

Never respond to ... Emails Texts Phone Calls or any solicitation asking for personal information. No Matter HOW convincing the person or the message is. Email and messaging services (suc… Read More

Most businesses simply accept that their suppliers are cybersecure. • Product certification should be replaced with a focus of ensuring an entire organization is secure. • The IN… Read More

Disinformation in the digital sphere is no longer just a political phenomenon. As more people – especially women – face new forms of digital harm and abuse, we need new forms o… Read More

Overview Mobile devices, such as tablets, smartphones, and smartwatches, have become one of the primary technologies we use in both our personal and professional lives. What makes these de… Read More

Webster's Defines accountability as an obligation or willingness to accept responsibility or to account for one's actions. Read more at Woods LLP Read More

With heightened cybercrime during the pandemic, CEOs are wising up to the threat. • Money is not a panacea for cybersecurity; a considered strategy is. • Cybersecurity strategies… Read More

It's a losing battle. You will keep some safe.... Read more at Woods LLP Read More

Men's group and ACLU urge Supreme Court to hear challenge to male-only military draftEqual rights means all rights/privilege's not just the ones you want. But those that are a Burden as wel… Read More

The United States National Security Agency — the country’s premier signals intelligence organisation — recently declassified a Cold War-era document about code-breaking. T… Read More

The big idea We have developed and tested a secure new computer processor that thwarts hackers by randomly changing its underlying structure, thus making it virtually impossible to hack. La… Read More

On May 7, a pipeline system carrying almost half the fuel used on the east coast of the United States was crippled by a major cyber attack. The five-day shutdown of the Colonial Pipeline res… Read More

Do you have a Device from Amazon? If you do in just a few days (June 8th 2021) Amazon is going to start giving anyone passing by your house/work Access to your wifi on your Dime. It is C… Read More

Apple recently launched the latest version of its operating system, iOS 14.5, which features the much-anticipated app tracking transparency function, bolstering the tech giant’s privac… Read More

It took little over two hours for hackers to gain control of more than 100 gigabytes of information from Colonial Pipeline on May 7, 2021 – causing the firm to shut down its fuel distr… Read More

In the face of an unprecedented and exponentially growing global cyberthreat matrix, there must be a call to arms to all businesses – big, medium and small – to build cyber-organ… Read More

There is something great that has come out of a year of quarantine most if not all Security Conference have become virtual. So no need pay for hotels, Air Fair, and large conference fees (o… Read More

When Apple announced in a 2019 blog post that it had patched a security vulnerability in its iOS operating system, the company sought to reassure its customers. The attack that had exploited… Read More

Following the Colonial Pipeline Ransomware incident, Twitter exploded in to an orgy of blather from people demanding that we “air-gap” ICS. Those righteous keyboard warriors know… Read More

It is no secret that healthcare systems around the globe are facing unprecedented challenges. Beyond the obvious spectre of the pandemic, health services need to provide a growing, increasin… Read More

long with its many benefits, the internet has brought the world a new risk – cybercrime. Cybercrimes are offences that intentionally harm victims in various ways using telecommunicatio… Read More

Criminal organizations are using ransomware to exploit vulnerabilities during the pandemic. • Ransomware attacks have both a financial and a human cost. • 65 business, non-profit… Read More

The trans-alaskan oil pipeline that carries oil from the northern part of Alaska all the way to valdez. The recent ransomware attack on a major US pipeline owner outlines the vulnerability… Read More

Why did colonial Pipeline get hacked? The answer is pretty simple. They have almost NO Cyber Security Personal. A quick search on LinkedIn with show you there are only 3 people in the co… Read More

Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in e… Read More