Halkyn Security Blog
Specialist Security & Risk Management Consultants

Posts in category Security News

UOC – Cybersecurity Conference 2017

UOC Cyber Security Conference 2017

Cybersecurity is big news with governments and businesses suffering at the hands of cyber attacks. As a result of this, the University of Chester (UoC) STEMs society is hosting a Cybersecurity Conference on the 28th March 2017. The primary aim is to raise awareness of Cybersecurity. In addition, it will provide an opportunity to build professional networks and encourage career […]

Read More

Incident Response – 5 key stakeholder groups

Incident Response - Your team cant function in a vacuum.

Incident response is a vital component of every organisations security. It provides the safety net for when the inevitable happens and other controls fail. A good incident response team will also have subject matter experts who can guide your entire organisation’s security strategy. If you take security even slightly seriously, you will have an incident […]

Read More

Phishing and Malware – FedEx missed delivery

FedEx Delivery Phishing Email - there is no reason ANYONE should ever open this attachment.

It seems that every day, new script kiddies discover the likes of the Social Engineering Toolkit or Metasploit and launch a new wave of phishing attacks. Unfortunately it seems that this time the attackers are too lazy to even try. Today’s email – screenshot on the right – is a reasonably straight forward phishing attempt. The […]

Read More

Finphishing – 8 steps to criminal profits

FinPhishing - short and succinct message, simple to generate but potentially deadly to the victim.

FinPhishing – or financial spear phishing – is a form of social engineering attack which is becoming massively profitable for the criminal enterprises involved. Unfortunately for the victims it is very cheap to deploy and nearly always gets past technological security controls such as spam filtering and malware detection. As a result of this, businesses […]

Read More

Security researchers demo GPU Keylogger

Reported on the Register today, security researchers have demonstrated how malicious code can be run on graphics processors (GPUs) rather than the central processing unit (CPUs) at the heart of a computer: http://www.theregister.co.uk/2015/05/13/graphics_card_malware_gpu_keylogger/

Read More

ISO27001 Self Assessment Checklist hits record downloads

ISO27001 Self Assessment Checklist - Screenshot

The ever popular ISO27001 self assessment checklist is now being downloaded at around 1000 times a month. Since we published it in October 2013, there have been over 13000 copies downloaded and we have provided unprotected versions to over 900 different organisations and individuals. Hopefully this is a sign that security is being taken seriously […]

Read More

Retail security, business protection, loss reduction

The retail sector remains vulnerable to cyber attacks

Retail security is in the news again as the British Retail Consortium (BRC) report that crime in this sector has reached a 10 year high. This reporting appears to indicate crime accounts for almost 0.2% of the total sector turnover. As reported by the BBC this includes the possibly obvious activities such as shoplifting, but […]

Read More

Prison Service in NI Warned over Data Breach

Prison Service warned over data breach

The prison service in Northern Ireland has been warned by the ICO over another data breach. The ICO press release is available online: http://ico.org.uk/news/latest_news/2014/prison-service-warned-after-maze-records-sold-at-auction-18062014 This incident relates to the Prison Service auctioning off a cabinet containing records from the Maze prison. Interestingly, this breach took place in 2004, when the Northern Ireland Office was responsible, but nothing […]

Read More

Truecrypt encryption software still available for download

Truecrypt encryption software still available for download

It seems that Truecrypt is too popular a tool for people to give up on it and version 7.1a is still available for download. A website has sprung up at truecrypt.ch offering downloads of Truecrypt binaries and source code. The download site appears to have been set up by a Swiss national and provides links […]

Read More

Truecrypt encryption software ceases production

Without Truecrypt, selecting encryption software is a lot harder.

On 28 May 2014, the developers of the reasonably infamous encryption software Truecrypt apparently announced that the program was over and that the risk of security weaknesses meant people should stop using it. Since this announcement, the Truecrypt website at http://truecrypt.org now redirects to the Sourceforce page (http://truecrypt.sourceforge.net/) which reports that development ended in “5/2014” following Microsoft […]

Read More

City of London Police – update

Mounted Officer - City of London Police. Photo by William Warby (http://www.flickr.com/photos/wwarby/)

As part of the cross-sector safety and security communications plan, the City of London police have announced today some significant changes being made to reinforce the ring of steel around the Square Mile. City of London Police: Ring of steel just got tougher New tactics, new tools and new technology will be launched in February […]

Read More

Twitter – Possible social engineering attack

Twitter - email headers

This evening I managed to end up getting my personal twitter account hijacked and malicious users were able to send out direct messages before I got at least some element of control back. First off, I want to apologise to anyone who got a strange DM from me, telling them to click on a suspicious […]

Read More

ISMS: New version of ISO/IEC 27001 – Time to update?

ISMS: New version of ISO/IEC 27001 – Time to update?

As you may be aware, the ISO/IEC 27001 standard for Information Security Management Systems (ISMS) was updated and the 2013 version became the “official” version at the start of October 2013. The previous version for ISMS requirements was ISO/IEC 27001:2005, and for eight years now, organisations have been working towards, and achieving, certification to that […]

Read More

Physical Security – It still matters

Good physical security protects your information.

When it comes to security, there is an unfortunate tendency for organisations (large and small) to fall into the trap of treating their physical security as something separate or different from their information security needs. Despite physical security having a place in every international security standard (such as ISO 27001), ownership of physical risks often […]

Read More

Encryption – it is your responsibility

Encryption – it is your responsibility

Encryption is important. This has always been well known, and with the recent revelations about PRISM and related Government monitoring of communications, people have become understandably more interested in the topic. However, keep in mind the fact that doing encryption wrong is worse than not doing it. In recent years it has become more and […]

Read More

Recent Tweets Recent Tweets