The recent report from Fortinet on the security threat landscape in the last quarter of 2017, confirmed that cryptojacking attacks have risen sharply in the last 6 months. What is Cryptojacking? Cryptojacking is a tool used to mine digital coinage such as Bitcoin and other cryptocurrencies on computers, using CPU resources. Criminals load the […]
Cryptojacking: the new malware threat Read More »
You may have read reports online of two major flaws in a large number of microprocessors: Spectre and Meltdown. Spectre and Meltdown relate to an apparent vulnerability in chips which may allow the breaking of isolation between programs and operating systems. Whilst programs typically cannot read data from other programs, a malicious program may be
Spectre and Meltdown vulnerabilities – essential information Read More »
If you managed to grab The Times today you will see that our Director, Luke Vile, commented on an article discussing big data/tech firms and Government regulation. Full text as follows: In August, Ms Rudd was dispatched to Silicon Valley, where the biggest tech giants roam, and attended the inaugural meeting of the Global Internet
You may have read this morning about a reported potential vulnerability in some Wi-Fi networks, known as KRACKs. Our first analysis indicates that via KRACKs, an attacker within range of a device could potentially intercept, decrypt and read data that has supposedly been securely transmitted over a ‘protected’ Wi-Fi network. In some cases, the attacker
Our advice on the KRACKS Wi-Fi vulnerability Read More »
Another day, another data breach and yet another apology. After hackers stole private data of Equifax’s 143 million customers (including data from 400,000 UK residents), their new CEO Paulino do Rego Barros Jr, wrote an open letter that was published by the Wall Street Journal on 27 September. “On behalf of Equifax, I want to express my sincere
Don’t use the Equifax example: How you SHOULD communicate a data breach Read More »
A significant email-spam campaign has been observed over the past two days, distributing two new variants of the ‘Locky’ ransomware. At this stage the 2-sec team believes the ransomware to be similar to most other ransomware programs, in that it will encrypt files after a machine has been infected. This alert has been issued by
New Ransomware alert: Diablo6 and Mamba Read More »
Alexander Drabek is part of our team of expert penetration testers; who “ethically hack” into client’s networks and find any potential weaknesses. We asked him exactly what it is he does, and how he does it. What skills do you need to become a penetration tester? Many people think penetration testers are highly obsessive and
A day in the life of a 2-sec penetration tester Read More »
An interesting external penetration test was recently performed by our expert team, that resulted in discovery of a new vulnerability (CVE-2017-9553) in a popular Synology NAS device. A NAS (Network Attached Storage) device is a storage mechanism connected to a network that allows storage and retrieval of data from a centralized location for authorized network
2-sec’s expert team uncovers new vulnerability in popular Synology NAS device Read More »
Google users appear to have been the latest victims of the most recent phishing attack, this time through their file sharing Google Docs service. Victims were sent a sinister email disguised as a fraudulent invitation to edit a Google Doc that appears to come from one of their contacts. The subject line reads “[Contact name]
Remember that $100 million whaling scam? Read More »
