Antivirus (AV) has been around for decades now and this is both a good and bad thing. On one hand, AV is so well known most people already understand that they need to have it. But on the other, all the attackers know about it. This means the first step in pretty much every attack […]
Supplier Security – A lesson for T-Mobile
Supplier security is something most organisations are at least aware of, and lots actually realise they need to do something about it. However, most of the time, “doing something” about it involves a quick chat with the supplier, possibly a generic check-list and a review that the contract at least mentions security. The problem is thinking […]
Phishing and Malware – FedEx missed delivery
It seems that every day, new script kiddies discover the likes of the Social Engineering Toolkit or Metasploit and launch a new wave of phishing attacks. Unfortunately it seems that this time the attackers are too lazy to even try. Today’s email – screenshot on the right – is a reasonably straight forward phishing attempt. The […]
Finphishing – 8 steps to criminal profits
FinPhishing – or financial spear phishing – is a form of social engineering attack which is becoming massively profitable for the criminal enterprises involved. Unfortunately for the victims it is very cheap to deploy and nearly always gets past technological security controls such as spam filtering and malware detection. As a result of this, businesses […]
Security breaches – do you know what to do next?
One sad fact about security is that no matter what controls you put in place, you will suffer breaches and if you are on the internet it is likely to happen sooner rather than later. People sometimes hold to a “physical world” security model which has a clearly defined threat actor (e.g. a burglar) casing […]
Halkyn Consulting – Vacation and Course Period
As our existing clients may be aware, Halkyn Consulting has entered into a three week period where we maximise our courses and vacation time. During this period we will be unable to respond to new clients but will continue to service existing clients. During this period there will be a delay in our responses and […]
Security researchers demo GPU Keylogger
Reported on the Register today, security researchers have demonstrated how malicious code can be run on graphics processors (GPUs) rather than the central processing unit (CPUs) at the heart of a computer: http://www.theregister.co.uk/2015/05/13/graphics_card_malware_gpu_keylogger/
Security Patches – Internet Explorer – Act Fast
For lots of enterprises, security patches are a pain to test, a pain to deploy and frequently frustrating when they require downtime for the inevitable system reboots. However, security patches are also a significantly important mechanism for protecting your environment against attacks. They really are. This month, Microsoft have announced 13 security patches – three of which are […]
Phishing attacks continue to evolve and spread malware
As most internet users know, phishing attacks are very common. The term itself dates back to 1995 (e.g. AOHell) and social engineering (which is basically what phishing is) goes back as long as we have had societies. At a basic level, phishing is an attempt by a malicious party to get the recipient (victim) to […]
Budgets – Security’s friend or foe
Budgets are integral to every business. The start up’s business plan has to include budgets and the multinational will have an entire finance unit geared around making sure that every year the numbers are crunched, and budgets allocated. At a very fundamental level, a budget allows businesses to grow. It allows them to develop without going […]
Staysure security breach leads to ICO Fine
The Information Commissioner’s Office announced on 24 Feb 2015 that it had levied a monetary penalty of £175,000 against the holiday insurance company Staysure. The fine came about as a result of Staysure suffering a security breach on their website which exposed more than 100,000 customer records and led to more than 5,000 customers having their credit […]
Retail security in an online world
The internet has been changing the world for decades now, and nowhere has this been more obvious than the retail sector. Internet access has opened up new markets, invented new businesses and allowed retailers to grow in ways never before imagined. However, along with this growth, the internet has also shown that retail security needs […]
ISO27001 Self Assessment Checklist hits record downloads
The ever popular ISO27001 self assessment checklist is now being downloaded at around 1000 times a month. Since we published it in October 2013, there have been over 13000 copies downloaded and we have provided unprotected versions to over 900 different organisations and individuals. Hopefully this is a sign that security is being taken seriously […]
Retail security, business protection, loss reduction
Retail security is in the news again as the British Retail Consortium (BRC) report that crime in this sector has reached a 10 year high. This reporting appears to indicate crime accounts for almost 0.2% of the total sector turnover. As reported by the BBC this includes the possibly obvious activities such as shoplifting, but […]
Insider Threat – Apple Employee Jailed and Fined
The insider threat is in the news again. On 8 December it was reported that ex-Apple employee, Paul Devine, had been sentenced to jail and a fine following a guilty plea on counts of wire fraud and money laundering . From the news reporting, this trusted insider was involved in providing Apple suppliers with confidential information […]