Category: online security

LinkedIn and LOLBINs

Yet another example of how LinkedIn can be abused by the bad guys… a phishing campaign which used job titles scraped from user profiles to…

Continue Reading

It’s official… SMS is not a security tool

UPDATE: The three major US mobile carriers have closed this particular loophole… however, it is not clear if carriers in other parts of the world…

Continue Reading

It could happen to anyone…

The headline is eye catching: a data breach at a highly respected security training organization when an employee falls for a phishing email. It is…

Continue Reading

EmailRep – Squeezing actionable info from malicious email addresses

Yes, I know it has been quite a while since I have posted anything to the old blog, but I do have an excuse… in…

Continue Reading

Securing the real perimeter – part 2

In my last post, I went on about how the real perimeter of your network is at your users’ workstations. The actions that humans take…

Continue Reading

Securing the real perimeter – part 1

I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I…

Continue Reading

The biggest cloud threat? Us!

Another cloud security issue caused not by the cloud, but by how people use the cloud.  Security firm Sophos has been taking a look at…

Continue Reading

We’re number 1!

Something for those of us who have to continue to remind our executives how important it is to continually increase our cybersecurity budgets… Global insurer…

Continue Reading

Aging reports – new ammo for attackers

Another reminder that attackers are getting more sophisticated and taking the time to learn about their victims and their business processes before launching their phishing…

Continue Reading

Are passwords really the best we can do?

So by now, you have seen the news stories about the doofus hackers who are breaking into Ring cameras and scaring kids. And it turns…

Continue Reading