Phishing is the biggest threat to users’ login details, major study finds

Phishing has long been recognised as one of the most effective tools in an attacker’s arsenal. Now, extensive new research based on a year’s worth of data provides further empirical proof. Criminals find phishing far more effective than keyloggers or data breaches for obtaining credentials and accessing someone’s account. Between March 2016 and March 2017, […]

Security newsround: November 2017

We round up reporting and research from across the web about the latest security news. This month: effective awareness programmes, CEOs in the spotlight, Wi-Fi weaknesses and the best browser for blocking bad stuff online. Security Awareness Month October was Security Awareness Month in Europe and the US. There were many good articles and posts […]

AWS Cloud: Proactive Security and Forensic Readiness – part 1

Part 1 – Identity and Access management in AWS This is the first in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to identity and access management in AWS. In a recent study by Dashlane regarding password strength, AWS was listed […]

Companies face Cybersecurity double whammy in Brexit and GDPR

There are two seemingly separate major events happening in the coming years that will impact on how companies process and store personal data of people living in the European Union. The first is the European General Data Protection Regulation (GDPR) which comes into effect in May 2018. The other is Brexit, where the United Kingdom […]

AWS Cloud: Proactive Security & Forensic Readiness five-part best practice

In a time where cyber-attacks are on the rise in magnitude and frequency, being prepared during a security incident is paramount. This is especially crucial for organisations adopting the cloud for storing confidential or sensitive information. This blog is an introduction to a five-part blog series that provides a checklist for proactive security and forensic readiness in […]

Ransomware investigation: notes from the digital forensics front line

I have always had a big interest in digital forensics; it’s why I chose to pursue this career path. This post documents my first official forensics case involving ransomware: in other words, I got paid to root through someone else’s computer. Although my role is not limited to digital forensics, I enjoy when these cases […]

Pay me my money down: fake invoice email scams highlight business process problems

The effectiveness of an email scam like CEO fraud relies on one person in the target organisation having the means and the opportunity to make payments. It’s not a security problem that technology alone can fix. This type of scam came to mind as news emerged of yet another victim. The Irish Independent reported that criminals […]

Non-fake emails show how far we still need to go to fight phishing scams

If you received an email from a sender called BrokPro2 and the subject line was eight seemingly random digits, would you click to read it or consign it to the spam folder? (Asking for a friend.) To anyone who guessed answer number two, congratulations on your high levels of vigilance. Obviously you were paying attention […]

Password Advice Turns Out to be Less Than Secure

I was interviewed by the News at One on RTE Radio to comment on the man who has disowned his advice about making passwords safer. Now retired, Bill Burr admitted his proposals have been a waste of time. “Much of what I did I now regret,” he told the Wall Street Journal. Back in 2003, […]