In the quaint town of Everyville, USA, Sarah starts her day with a familiar routine. She wakes up in her rented apartment, checks her phone (leased through her mobile plan), and streams her favourite morning playlist on Spotify. As she sips her coffee, brewed from beans delivered monthly by a subscription service, Sarah reflects on how different her life is from her parents’ at her age.
You’re so busy climbing the corporate ladder that you can’t spare five minutes to ring mum and dad. But fear not! For a mere 24.90 a month, you can now hire a silicon-based impersonator to pretend it cares about your parents’ day. Welcome to inTouch Family, the service that lets you tick “filial piety” off your to-do list without all that pesky human interaction.
I had the honour of being invited as the first guest on a new podcast hosted by the wonderful Lisa Forte and Sarah Armstrong Smith, where we got to sit down and talk about insider threats. Well, more specifically, around the story where a fake North Korean IT worker tried to get hired at KnowBe4 and how that was discovered, and then we discussed some of the wider implications around that.
Have you ever found yourself in a bookstore, overwhelmed by the sheer number of titles and unsure of where to start? Well, let me make it easier for you. Here are five books that I highly recommend, as I found them to be absolutely brilliant. 1. FAIK by Perry Carpenter If you’re intrigued by the fascinating world of artificial intelligence, “FAIK” by Perry Carpenter is a must-read.
It is the holiday season. Think twinkling lights, the scent of pine, and cyber threats lurking in the shadows, waiting to pounce quicker than Bruce Willis can say, “Yippee ki yay.” In the festive spirit of “Die Hard,” let’s see how we can make our holidays less like Nakatomi Plaza and a bit more secure. Jingle Bells, Phishing Smells, Educate All the Way Phishing does not take a holiday.
The days are shorter, the heating is turned on more frequently, and the final big conference week of the year for me ends with Blackhat Europe and BSides London. Blackhat was held at the ExCeL and featured all the usual suspects. I had the chance to present at Blackhat and also caught up with Quentyn Taylor, who somehow social-engineered me into agreeing to a 5k run in the new year. The vendor area felt a bit smaller compared to previous years, but that wasn’t necessarily a bad thing.
What started off as a vision I had many years ago has hit a significant milestone. The Host Unknown Podcast has somehow managed to stumble its way to 200 episodes. It’s a feat that is probably a testament to the sheer stubbornness of my co-hosts Thom Langford and Andrew Agnês – and a bit of external motivation provided by Graham Cluley. For those of you who have been living under a rock (or perhaps just have better things to do with your time), Host Unknown is the weekly podcast that no
As I sit here, reflecting on the recent news of the ransomware attack on pathology lab Synnovis, I can’t help but feel a sense of unease wash over me. It’s not just another headline or statistic; this time, it’s a bit more personal. My neighbour, Oliver Dowson, is one of the many individuals directly affected by this breach, his heart valve replacement surgery postponed indefinitely due to the fallout.
Another year, another Infosec EU. So, how did it go down? I must admit, I grumble whenever I have to attend an event at the soulless warehouse that is ExCeL, located in what can only be described as the appendix of London. However, it is a nice ride on the motorbike to get there, and parking is free (for motorbikes, not cars, but other bikers don’t like it if you park too close).
I was taking a walk the other day and saw this pathway which is shared by two houses. The house on the right got their pressure washer and cleaned their half of the path. Part of me secretly admires the pettiness of this move. But the truth is that it is one path and just using one half is not practical. If it needs repair at any point, it’s a joint responsibility, you can’t just fix your bit and expect things to be fine… a bit like using the cloud or outsourcing work to a thir
The Internet is a treacherous playground, and wouldn’t you know it, Google, the wise old seer of the digital realm, is suggesting that its employees disconnect from the very beast they helped create. Yes, you heard that right, my friends. CNBC’s Jennifer Elias lays it bare for us: Google is embarking on a pilot program where certain employees will find themselves trapped within the confines of internet-free desktop PCs.
I saw a video on the BBC about a wind turbine catching fire after a lightning strike. The video looked kind of cool as the flaming blades were spinning, creating rings of smoke. With a bit of digging, it transpired that lightning strikes on wind turbines are very common and are only set to get worse as turbines get taller and blades are increasingly made of carbon.
Cops in Santa Cruz, California, were out in full force, arresting a 19-year-old they allege was behind a sinister plot to swindle unsuspecting beachgoers out of their hard-earned cash. The suspect, Damian Vela of Watsonville, had been placing counterfeit parking tickets on vehicles near the shoreline, complete with a QR code that victims could scan to pay the bogus fines.
The search for a job has never been easy, but with the commoditisation of AI tools, it’s becoming a bit easier for the ambitious jobseeker. Recently, one such individual used AI to apply for nearly 200 jobs in the span of two days – a feat most of us can only dream of achieving.
It was bound to happen – welcome to the future! Mom took her daughter to see a show. AI facial recognition software recognizes her and she’s unceremoniously escorted out by security. Her offence? Her employer, a huge law firm (not her), is in protracted litigation with the owner MSG Entertainment, and MSG has a policy that precludes attorneys pursuing active litigation against the company from attending events at their venues.
As I wandered through the psychedelic chaos of Black Hat Europe 2022, I couldn’t help but feel like I had stumbled into the belly of the beast. The vendor area was a tacky nightmare of flashing lights and buzzword-laden sales pitches, but I knew there was something deeper lurking beneath the surface. And then, like a shot of pure adrenaline to the heart, Dan Cuthbert’s opening keynote began and the conference was suddenly alive with the raw energy of truth and rebellion.
I saw this picture somewhere on social media of these many locks securing the bolt. However, upon closer inspection, you can see that by simply removing any one of the locks, you unlock the whole thing. I hope you’ll allow me the opportunity of dragging this out into a cybersecurity analogy. But sometimes the sheer number of products and hoops we deploy end up looking a bit like this picture.
Mercedes is one of the latest car companies to think, “hey, what do we do in a global downturn when new sales are low… I know, let’s limit some features on our car, then when people buy them, charge them extra to unlock it via a subscription model. If it’s worked for SaaS, it can work for us!” According to their site , a mere $1200 a month can give you a “noticeable improvement in acceleration of 0.8 to 1.0 seconds (0-60MPH)” I kind of get it when car ma
I love myself a good Security BSides, and I’ve never been to Tallinn in Estonia. So when I saw the CFP was open I submitted and was delighted to be selected. View of Riga, Latvia. Unable to find a reliable direct flight to Tallinn, and facing horrendously long connecting flights, I opted for the scenic route, which involved flying into Riga in Latvia and then driving across the border to Tallinn in the fastest car ever made… a rental car.
I’m filing this one under I’m a bit cynical about it. According to this story there have been a bunch of people who have paid to have their fingerprints surgically altered. Some of the people were workers in Kuwait who had been deported for criminal activity. By having their fingerprints altered, and a new identity created in the Indian ID system Aadhaar, they were able to apply for a new visa to Kuwait.
In Japan, someone registered a trademark for CUGGL as a clothing brand. GUCCI tried to sue for copyright, but the Japan trademark office stated that CUGGL is not similar enough to GUCCI to warrant enforcement. Well, maybe not in the written word, but what do you think about the partially obscured logo? I am both disgusted and impressed by this. (Credit to Halvar Flake for the find.)
Lloyds of London has told its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk. Hmm, so where do we begin to unpack this one? Attribution is never easy, even in the best of times. So who will decide whether an attack is a nation state or just little Timmy trying to impress his friends on the Discord channel?
Twilio was recently compromised after a couple of employees handed over their credentials to an attacker. The unsuspecting employees were targeted by a Smishing attack in which they received a text message on their phone saying their passwords had expired and they needed to re-authenticate. A useful link was provided which took the employees to a spoofed page into which they entered their credentials.
Group-IB have published a very well researched report on fake investment scams in Europe. The scam follows a well-established set of steps: 1. The bogus come-on is published on social media. 2. The victim is taken to a phony investment website. 3. The victim enters personal information in a form on the scam site. 4. A call center contacts the victim, offering more information about the fraudulent investment prospectus. 5.
I saw this post on LinkedIn and was part disgusted, but also slightly admired the professionalism and thought that went into this scam. An unsuspecting victim was sent a USB drive that for all intents and purposes looked like it came from Microsoft. The packaging and logo all look legit. This is where people’s biases will come into play. If they plug it in and there’s a popup asking “Are you sure”, then unless they’re a bit savvy or paranoid, most people will click
I was recently reminded of this headline from a few years ago where a couple left their bikes unlocked to lure thieves and then proceeded to beat them up with baseball bats. I don’t advocate violence, and nor do I approve of vigilante behaviour. But police around the world use this trick all the time. They will leave cars and wait for thieves to try to steal them.
Some interesting research from Malwarebytes Labs. The first was around verified Twitter accounts receiving direct messages apparently from Twitter which claimed their accounts had been flagged for hate speech. They would then be redirected to a fake Twitter help centre to input their login credentials. The second was a Discord phishing campaign where people would receive messages being accused of sending explicit photos.
We see many discussions these days around deep fakes and how AI will be able to create content that the human eye cannot spot as being fake, leading us to be easily manipulated. However, the reality is that people can be fooled far more easily. The BBC reports that a fake IPL Cricket match was put on by a few villagers who cleared out a ground, nailed down a bit of cloth to resemble a “pitch” and live streamed it on YouTube.
In a paper titled Unintended consequences of smart thermostats in the transition to electrified heating, researchers discovered that most people don’t bother changing the default heating times on these thermostats. As a result, at 6am, the strain on the electricity grid peaks as every thermostat clicks on. Akin to launching an inadvertent DDoS attack.
BMW, a brand known for its amazing cars, a model for everyone – built with the infamous German engineering and now offering a whole bunch of options as a monthly subscription. In some ways it makes sense. Streamline your production and build each and every car with the exact same hardware, but then limit options to those who are willing to pay out extra.
The Rolling Pwn vulnerability can be used against some keyless Hondas to unlock, start and drive off. It allows you to eavesdrop on a remote key fob from about 100 feet away (which for my American friends is the distance from the pitcher’s mound to the outfield grass). On Twitter, @RobDrivesCars replicated the bug in a nice video to confirm that yes, the bug definitely works.
Over here in the UK we’ve had dozens of MPs (members of parliament) tender their resignation over the last day or so. While I’m not interested in politics, seeing so many resignation letters did provide me with the template to create the perfect letter. It consists of a few steps. 1. Yellow paper (not the white one peasants write on). 2.
Back in the olden times (in 2005) a website was set up called the Million Dollar Homepage, the brainchild of student Alex Tew, who wanted to raise some money for university. The concept was simple: get a webpage composed of a million pixels and sell them all for $1 each. They were sold in 10 x 10 pixel blocks. Whoever bought the block could provide an image, logo, text, link etc.
It’s been another weird year for many. Most of the world had vaccines, came out of lockdown, only to be hit by another variant, and ending up in a weird limbo lockdown all over again. As someone who has predominantly worked from home for the last 8 years, I have welcomed the last couple of years. I no longer get the, “oh, so you’re working huh” nudge nudge wink wink from people.
“How does your degree compare to my 10 years practical work experience?”. This was something my very first manager used to say often to me and other fresh-faced graduates. He had a point – we knew nothing about the business, any of the tools, or the job compared to him, or indeed anyone else who had been working more than three days at the bank. But we had come in on the exclusive ‘graduate programme’ touted as the future of the workforce.
I’m no writer of novels, but I allowed myself to be influenced by national November novel writing month and thought it would be a good idea to attempt a blog a day through the month. In the end, I wrote 17 blogs during November, the most I’ve written in a long time, perhaps ever. There are another 3 which ended up in drafts that will likely never see the light of day.
It was T’s first week in a new organisation and they went into a project meeting for a new product that was about to be released. T: Has this product been pen tested? Project manager (PM): We don’t usually do pen tests on most systems, unless they’re really high risk, and even then we wait 6-12 months after they’ve gone live to do so.
I recently argued that I don’t really care about an aeroplane’s engine and that I only cared about the experience I have travelling on it. Some people argued with me that the engine is very important and without an engine the aeroplane won’t fly. Allow me to elaborate my thinking with the example of a road. When you’re building a road, engineering is of utmost importance.
Along my journey, I cross paths with a stranger. We have never met before, and will probably never meet again. We are aware of each other’s presence and acknowledge each other without acknowledgement. To each other, we are familiar strangers. There are many familiar strangers, all on their own journeys. Each with their own precious cargo. Some have exquisite rings, others grand sparkling crowns, and some have small trinkets.
I have flown many times in my life, but I’ve never really known the difference between a Boeing 747, 787, or whatever the numbers are. It’s not that I’m not interested in planes. I still look up in the sky when I see one flying overhead and ask myself where it’s coming from and going to. Flying is really a marvel of engineering, and it blows my mind every time I get on a flight.
I saw an article on The Register today entitled, Crypto for cryptographers! Infosec types revolt against use of ancient abbreviation by Bitcoin and NFT devotees. TL;DR the argument is whether or not crypto should mean cryptography or cryptocurrency. Now, I get it, it can be an emotional topic for some – but really? The majority of the population don’t even understand what cryptography actually is.
I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach, it’s difficult to blame the intern without a mob of security professionals criticising you. But I do observe CISOs very closely, and as a result I have figured out how to be an awesome CISO.
Buy 10,000 trophies from China (max $1 each including shipping). Buy an engraver. Register a fancy domain, like “WorldsBestSecurity.com”. Send emails to companies saying they’ve “won” an award in some <random category>. For a mere $1000 they can get featured in the WorldsBestSecurity.com listing and receive an engraved trophy. 10,000 * 1000 = 10,000,000.
If you’ve been on LinkedIn recently, you’ve probably seen your feed littered with polling questions. It could be something simple as, “which of these items do you like for breakfast” or something more specific such as, “Zero Trust is good because…” Either way, I have a bit of an issue with how these are framed, run, and subsequently interpreted.