fbpx

Find out how to manage detection and response for better cyber security

Draw together disparate systems and spread your infosec skills wider with Open Systems While a prevention layer around your network is important, don’t forget you need detection and response practices to deal with threats once they’re in your systems – and to mitigate their effects quickly and thoroughly. Basically, an old-school firewall just isn’t going …

Find out how to manage detection and response for better cyber security Read More »

panic check point

Check Point chap: Small firms don’t invest in infosec then hope they won’t get hacked. Spoiler alert: They get hacked

One vendor’s security controls aren’t enough, says Dan Wiley “I don’t want to have a job any more,” said Check Point’s Dan Wiley, sitting in a fashionably nondescript London coffee shop. “I don’t want to have to do my job. It means that we failed.” Far from being depressed, Wiley was expressing the forlorn hope …

Check Point chap: Small firms don’t invest in infosec then hope they won’t get hacked. Spoiler alert: They get hacked Read More »

UK.gov is not sharing Brits’ medical data among different agencies… but it’s having a jolly good think about it

Ministry of Fun under pressure to admit it’s going to happen Who’d be a head of data policy for the British government? You spend all your time talking about data transparency, but it is so hard to be transparent. Just ask Stephen Lorimer, head of public sector data at the Department for Digital, Culture, Media …

UK.gov is not sharing Brits’ medical data among different agencies… but it’s having a jolly good think about it Read More »

FYI: When Virgin Media said it leaked ‘limited contact info’, it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more

Infosec biz that found the database spill raises eyebrow at UK ISP’s advisory to subscribers A Virgin Media server left facing the public internet contained more than just 900,000 people’s “limited contact information” as the Brit cable giant’s CEO put it yesterday. In fact, the marketing database also contained some subscribers’ requests to block or …

FYI: When Virgin Media said it leaked ‘limited contact info’, it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more Read More »

EARN IT encrypted america

Don’t be fooled, experts warn, America’s anti-child-abuse EARN IT Act could burn encryption to the ground

Wait, a proposed law tackling the sexual abuse of kids and they name it… the EARN IT Act? Seriously? On Thursday, a bipartisan group of US senators introduced legislation with the ostensible purpose of combating child sexual abuse material (CSAM) online – at the apparent cost of encryption. The law bill is called the Eliminating …

Don’t be fooled, experts warn, America’s anti-child-abuse EARN IT Act could burn encryption to the ground Read More »

UK spy auditor gives state snoops a big pat on the back for job well done – except MI5

Domestic intel agency’s cloud server continues to get them into hot water The UK’s spy agency auditor has given public sector snoopers a clean bill of health – except for domestic surveillance specialists MI5, whose cloud data storage blunder is still under investigation. In its annual report for 2018, published this week, the Investigatory Powers …

UK spy auditor gives state snoops a big pat on the back for job well done – except MI5 Read More »

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.

Magic Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage is simple, just run Magic Unicorn (ensure Metasploit is installed if using Metasploit methods …

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Read More »

cia vault 7

Months-long trial of alleged CIA Vault 7 exploit leaker ends with hung jury: Ex-sysadmin guilty of contempt, lying to FBI

Mystery still surrounds saga of top-secret tools spillage The extraordinary trial of a former CIA sysadmin accusing of leaking top-secret hacking tools to WikiLeaks has ended in a mistrial. In Manhattan court on Monday morning, jurors indicated to Judge Paul Crotty they had been unable to reach agreement on the eight most serious counts, which included illegal …

Months-long trial of alleged CIA Vault 7 exploit leaker ends with hung jury: Ex-sysadmin guilty of contempt, lying to FBI Read More »

phishing

Health workers are top of phishers’ target lists thanks to data value

And HR folks aren’t far behind, says Proofpoint strategist Nurses are among the groups most heavily targeted by email scammers because of the value of the data they can access, according to email security biz Proofpoint’s Adenike Cosgrove. Cosgrove, an infosec strategist for Proofpoint, told The Register that not only are nurses and other frontline healthcare professionals …

Health workers are top of phishers’ target lists thanks to data value Read More »

amd bloodbath

AMD, boffins clash over chip data-leak claims: New side-channel holes in decades of cores, CPU maker disagrees

Maybe don’t be quite so smug, security researchers warn AMD processors sold between 2011 and 2019 are vulnerable to two side-channel attacks that can extract kernel data and secrets, according to a new research paper. In a paper [PDF] titled, “Take A Way: Exploring the Security Implications of AMD’s Cache Way Predictors,” six boffins – Moritz Lipp, …

AMD, boffins clash over chip data-leak claims: New side-channel holes in decades of cores, CPU maker disagrees Read More »