Nestlé Operating in Russia Causes Data Breach

A popular anonymous hacktivist has launched another war on companies that still choose to operate in Russia and pay taxes to the Russian Government. After Nestlé decided to continue operating in Russia, the anonymous hackers threatened to attack them and eventually hacked into their system, leaking 10GB worth of sensitive data. Impact: On 22nd […]

How To Write Phishing Emails

Year after year, statistics show phishing attacks continue to rise. Why? Because they work, and this simple attack brings results. Consequently, this attack has evolved and become more sophisticated and harder to identify. Gone are the days of the error-filled 419 emails from a Nigerian Prince requesting your account details to hide money offshore. Instead, […]

Social Engineering Techniques – Hacking Human Behaviour | Risk Crew

Social engineering is a term used for a wide variety of activities used by threat actors to manipulate or trick end users into bypassing security controls or providing sensitive information (such as login credentials) that they then use to obtain unauthorised access to the systems they target. In today’s digital landscape, social engineering has […]

FBI Raises Awareness on the LockBit Ransomware Operation

The FBI recently posted a flash alert asking for any suspicious activity linked to LockBit Ransomware to be reported immediately to the Cyber Squad. The LockBit Ransomware gang, who came on the scene in September 2019, announced the LockBit 2.0 Ransomware-as-a-Service (RaaS) in June 2021. The impact: When the LockBit infection spreads, it gains the […]

90 WordPress Plugins and Themes Hit in a Huge Supply Chain Attack

WordPress’s security vendor, Jetpack, uncovered a widespread supply chain attack, which has successfully compromised 93 WordPress plugins and themes. Additionally, 53 plugins and 40 themes belonging to the developer AccessPress had a backdoor inserted into their source code. AccessPress addons are used in over 360,000 active websites. The impact: Admins who have unknowingly installed a […]

Log4Shell Vulnerability Conditions Mimicked in H2 Database Console

The JFrog security research team has discovered a vulnerability in the H2 database console. CVE-2021-42392 shares a root cause with the now infamous Log4Shell vulnerability. H2 is a popular, open-source SQL database written in Java, which offers a lightweight in-memory solution, meaning data is not required to be stored on a disk. This makes […]

Goodbye Tale of 2021. Cheers to Opening a New Book!

Are you ready to close this book? What a journey 2021 has been. We’ve greatly enjoyed seeing our customers face-to-face and online, and building stronger relationships by understanding their challenges, because it’s what we do! 2021 did read like a thriller full of phishing scams and ransomware attacks. And as in a typical thriller, some […]

Severe Vulnerability Discovered in Java Logging Package – Log4j

As some of you may know, a severe vulnerability was discovered in Log4j, a Java logging package. This ubiquitous package is included in products such as Apache and Apple products. Worse yet, this component is so widely used that it is believed to be within multiple components within applications. This means that security teams worldwide […]

Siege Warfare – WordPress Sites Under Attack for 36 hours

WordPress sites have been under attack for 36 hours, from 16,000 IP addresses. Threat Intelligence Analysts from Wordfence have reported an ongoing assault against 1.6 million WordPress sites. The traffic originates from 16,000 IPs and threat actors appear to be targeting four WordPress plugins and fifteen Epsilon Framework themes. One of which has no patch […]

Risk Crew