It’s that time of year again, when we ask the great and the good in the 2-sec office for their security predictions for 2018. Here are our six top cyber security forecasts for the next 12 months. PREDICTION 1 – Little tolerance for non GDPR compliant companies Those who have taken the EU General Data
Our cyber security predictions for 2018 Read More »
You may have read reports online of two major flaws in a large number of microprocessors: Spectre and Meltdown. Spectre and Meltdown relate to an apparent vulnerability in chips which may allow the breaking of isolation between programs and operating systems. Whilst programs typically cannot read data from other programs, a malicious program may be
Spectre and Meltdown vulnerabilities – essential information Read More »
It’s not easy to admit to getting it wrong, but that’s what Bill Burr did in a recent interview with the Wall Street Journal. Back in 2003, as an advisor for the American National Institute of Standards and Technology (NIST), Burr recommended irregular capitalisation, special characters and numerals in our passwords; such as wHyWeN3edP4s5w0rd5. Burr
Expert admits that his password advice was wrong. So how should you choose a password? Read More »
A significant email-spam campaign has been observed over the past two days, distributing two new variants of the ‘Locky’ ransomware. At this stage the 2-sec team believes the ransomware to be similar to most other ransomware programs, in that it will encrypt files after a machine has been infected. This alert has been issued by
New Ransomware alert: Diablo6 and Mamba Read More »
An interesting external penetration test was recently performed by our expert team, that resulted in discovery of a new vulnerability (CVE-2017-9553) in a popular Synology NAS device. A NAS (Network Attached Storage) device is a storage mechanism connected to a network that allows storage and retrieval of data from a centralized location for authorized network
2-sec’s expert team uncovers new vulnerability in popular Synology NAS device Read More »
Imagine that a business wanted to outsource a particular business function, but no one on the Board of Directors had sufficient tech expertise to grasp why this might cause security issues.Investing in an upgraded network with a centralised administrator responsible for granting permission levels would resolve the problem, but the Board is reluctant to invest
Does your board need a technical expert? Read More »
Ransomware has been a recognised issue for some time, however to date, perhaps only one or two systems in a company might have become infected by the wayward clicks of a bored receptionist. Ransomware has rarely been a business-critical issue. Wanna Cry changed that. Not only did it infect single machines, as classic ransomware does,
Wanna Cry. Our analysis. Read More »
Google users appear to have been the latest victims of the most recent phishing attack, this time through their file sharing Google Docs service. Victims were sent a sinister email disguised as a fraudulent invitation to edit a Google Doc that appears to come from one of their contacts. The subject line reads “[Contact name]
Remember that $100 million whaling scam? Read More »
Last month, the papers reported that two major US technology firms were deceived by Evaldas Rimasauskas, a Lithuanian criminal, into sending him $100 million through an email whaling scam. It has just been confirmed that Google and Facebook were the two companies that were the victims of this scam. The two companies did not confirm
$100 million whaling scam: A “wake up call” for even the most sophisticated firms. Read More »
