Author Archives: mike

The Ukranian Ransomware (Petya, NotPetya, WannaCry2)

Posted on 2017-06-28 by mike

Those keeping aware of the security scene may well have become aware of the latest ransomware worm hitting around the world. Various names have been associated with this outbreak, and the most readily identifiable name (Petya) is technically incorrect. This … Continue reading

Posted in Active Attacks, Malware | Tagged , | Comments Off on The Ukranian Ransomware (Petya, NotPetya, WannaCry2)

WannaCrypt or the NHS Worm

Posted on 2017-05-15 by mike

As many of you will be aware, the NHS suffered from a mass outbreak of a ransomware worm last Friday which has since spread to many other organisations around the world. For more general information please see The Register’s article … Continue reading

Posted in Active Attacks | Comments Off on WannaCrypt or the NHS Worm

Keeping Your Account Safe

Posted on 2017-05-10 by mike

We are seeing an increase in the number of compromised accounts due to various forms of attack, and decided to highlight some core protections for your account. If your account is compromised, you may find yourself locked out of the … Continue reading

Posted in Active Attacks, Passwords | Comments Off on Keeping Your Account Safe

‘Phishing’ Emails With Your Home Address

Posted on 2017-04-04 by mike

This article is currently being drafted, and will be added to over time. In the meantime, Sophos have an article that goes into some detail about what is going on here. Some key points :- Don’t click on the encrypted … Continue reading

Posted in Active Attacks, Email | Tagged | Comments Off on ‘Phishing’ Emails With Your Home Address

Is IS Aware Of What Password You Have?

Posted on 2017-03-16 by mike

One of the more interesting questions that arose from the recent password audit is whether IS is aware of account passwords – i.e. do we know your password. The short answer to that is: No, but with a caveat. First … Continue reading

Posted in Passwords | Comments Off on Is IS Aware Of What Password You Have?

How SHA-1 Is Broken

Posted on 2017-02-24 by mike

(This gets very esoteric very quickly) Those of you paying attention may have realised that very recently (January this year), browsers started complaining about security when connecting to sites whose SSL certificates used the SHA-1 hashing algorithm within the certificate. … Continue reading

Posted in Technical | Tagged , , | Comments Off on How SHA-1 Is Broken

Phishing: What To Do In The Aftermath

Posted on 2017-01-26 by mike

In the event that you have given away your account details in response to a phishing attack, and either discovered yourself that your account is compromised or you have been told so by IS, then there are some steps to … Continue reading

Posted in Email, Passwords | Comments Off on Phishing: What To Do In The Aftermath

Don’t Automatically Trust Email!

Posted on 2016-12-01 by mike

Email is a very easy to forge – so easy that if you try to impress a hacker by claiming to have forged email, they’ll fall about the floor laughing. So you should not automatically trust email – there are … Continue reading

Posted in Email | Comments Off on Don’t Automatically Trust Email!

Analysis Of A Phishing Attack

Posted on 2016-11-29 by mike

The following is the analysis of a real phishing attack that we have seen, together with some indications of how a phishing attack can be detected. For the impatient, some of those indicators are listed below :- Are you expecting … Continue reading

Posted in Active Attacks, Email | Tagged , | Comments Off on Analysis Of A Phishing Attack

How Often Should I Patch?

Posted on 2016-10-27 by mike

The short version: “It varies”. “Have you applies the latest security fixes from your operating system vendor to your machines?” I asked, trying to a learn a little more about Fred’s security posture. Fred replies with hesitation, “We apply security … Continue reading

Posted in General | Tagged , | Comments Off on How Often Should I Patch?