Scam Promotions on Facebook
Web adverts promoting questionable offers and schemes are old hat. Facebook is no exception but unlike wholly dubious hosts or otherwise reliable sites depending …
Sitting Duck Attacks
The Sitting Duck attack revolves around taking control of a domain and then using it to distribute malware or as a source for phishing …
Developers Hit By Compromised Software Packages
A Typosquat campaign uses slight variations on well-known names to mislead a user to access a rogue rather than genuine asset. It is well …
UK Data (Use and Access) Bill
The Data (Use and Access) Bill had its first reading in the Lords on 23 October 2024. This step is merely a formal introduction …
Zero-Day Attacks
In October 2024 Google Mandiant reported on 138 exploited vulnerabilities since 2023. They concluded there had been an increase in the number and speed …
SSL Certificate Renewal
SSL/TLS authentication is part of the encryption suite to ensure that a requester is who they say they are and to grant or refuse …
The SPAM Bomb
The symptoms of a SPAM, email or subscription bomb attack are almost impossible to miss. The victim will suddenly receive a very large volume …
OFCOM vs Scam Callers
OFCOM is the UK regulator of phone and Internet services. They are responsible for ensuring these services are safe and effective. Part of their …
Google and Facebook Single Sign On (SSO)
Single Sign On (SSO) options are commonly seen through providers such as Google, Facebook and to a lesser extent Apple. There are also less …
Ransomware in Healthcare
The ThreatLabz 2024 Ransomware Report highlights the relative susceptibility of the healthcare industry to ransomware attacks. 312 attacks on the Healthcare industry were reported …
Bad Bots
Kindus has discussed the role of bots on the Internet and how webmasters can use ‘robots.txt’ to control them. Unfortunately many bots do not …
Lessons from the CrowdStrike Outage
On July 19, 2024 at 04:09 UTC, CrowdStrike released an update for ‘Falcon Sensor 7.11’ or above to Windows systems. This caused a system …
eCommerce Shop Scams
Data from Security Research Labs has revealed a China-based fake shopping network that they have named ‘BogusBazaar.’ They claim that: ‘As of April …
Lockbit Ransomware Takedown
In February 2024 the UK National Crime Agency released details of how the NCA and other international policing agencies had disrupted the actions of …
UK Cyber security breaches survey 2024
‘Lies, damned lies, and statistics’ (attributed to Disraeli). The UK Cyber Security Breaches Survey 2024 was published on 9th April 2024. Not surprisingly it …
Digital Gift Card Issues
Both Apple and Google offer gift card services for use on their App stores. Just as it states on the tin the card can …
Biometric Security Hacks
Biometric security may not be the bulletproof security system that it appears to be. The theory is that information such as fingerprints or facial …
SMS Authentication Pitfalls
SMS is promoted as a reliable way to authenticate users. A message is sent to a mobile number with a one-time passcode (OTP) that …
Data Poisoning
Data Poisoning is an attempt to fool a system by inserting rogue data. It could be a threat to AI systems because they build …
Link Cloaking
In the ideal world every web page will be linked to a URL that clearly and accurately describes the purpose of that page. Unfortunately …