This month is Cyber Security Awareness Month and this week is Security Serious. In honour of both, here are my top ten tips to improve your organisation’s security. Whether you’re big or small, cyber insecurity is a real issue that we all need to address. Security shouldn’t be about locking down all information or getting in the way of people working, but it should be proportionate, holistic and tailored to the needs, context and risk appetite of the organisation.
Weekly news. Personal data: bugs, blunders and banks
WHSmith ‘bug’ spreads customer data: thousands of WHSmith magazine subscribers have received emails containing the names, addresses and phone numbers of other customers owing to a processing “bug”.
London Sexual Health Clinic Data Breach Revealed Patient Details – 56 Dean Street clinic in London sent a newsletter to around 780 patients who were copied into the “To” section of the email, rather than anonymously via the “bcc” address bar. This meant that, instead of hiding the personal details of those on its recipient list, it included their full names and email addresses.
Two factor authentication: 1,000 people surveyed
Two-factor authentication
I was recently asked to discuss Ashley Madison and the wider security impact on users (on Sky News) and when I mentioned two-factor authentication, the presenter asked me to explain what it is. This happens a lot when I recommend two-factor authentication and always serves as a reminder that those things which we in the information security industry think of as basic security are not particularly well known to the average computer-user. For something pretty simple, easy-to-use and effective, I’ve long had the impression that a lot of people don’t ‘get’ two-factor. If they don’t know what it is, you can be pretty sure they’re not using it.
Ashley Madison
I appeared on Sky News on Wednesday evening discussing the theft and dump of Ashley Madison data. As always, time on live television is a great experience but also extremely limited so I wanted to expand on some of my thoughts on the social, organisational and individual implications.
Weekly News: the response to *that* Oracle article, a huge breach for Carphone Warehouse and how to pen test a city
Oracle CSO Mary Ann Davidson wrote a blog post widely condemned by the infosec community (and now deleted), in which she criticised bug bounties and security researchers who reverse engineer Oracle’s code. There was much comment, but particularly measured ones can be read here and here.
Carphone Warehouse said the personal details of up to 2.4 million of its customers, and the encrypted credit card details of up to 90,000 people, may have been accessed in a cyber-attack.
Police began investigating a ‘new’ crime of cyber-flashing after a woman received an indecent image on her phone as she travelled to work.
If you missed Black Hat in Vegas, Tripwire summarised the presentations they found most intriguing, including a vulnerability affecting hundreds of millions of Android devices, how Saudi Aramco responded to being attacked and city-level penetration testing.
Weekly news: a $46m phishing theft, what it means to be the victim of a huge cyber attack and conference season in Vegas
Inside two of the biggest cyber attacks in history
The CEO of Sony Pictures Entertainment discusses how they coped with being attacked.
A former Security Advisor to Saudi Aramco talks about the attack that destroyed 35,000 of their computers.
Spearphishing Fraud
A social engineering attack, in the form of spearphishing email, resulted in the theft of $46.7m from Ubiquiti Networks.