Posts by pwsadmin
The Dyn DDoS: attacking the Internet’s global address system
By Tanzeer Hossein On October 21, 2016, one of the most significantDistributed Denial of Service (DDoS) attacks occurred. The target was a DNS (Domain Name System) service provider called Dyn. This attack severely disrupted several internet services across the US and even some parts of Europe. This caused outages for some popular websites such as…
Read MoreThe Bangladesh Bank Heist
By Tanzeer Hossein The 2016 massive cyberattack on Bangladesh Bank, the central bank of Bangladesh, remains one of the most striking examples of the sophistication of cybercrime. The goal was to steal nearly $1 billion from the bank’s accounts at the Federal Reserve Bank of New York. Although the target wasn’t met, the attackers still…
Read MoreThe Cyberattack on Tangerine Telecom
By Tanzeer Hossain In February 2024, Tangerine Telecom, a prominent Australian internet and mobile service provider, became the latest victim of a catastrophic cybersecurity breach. The attacker gained unauthorized access and stole the sensitive information of at least 250,000 customers. This included names, phone numbers, and email addresses. This breach poses serious risks for identity…
Read MoreThe Wannacry Incident
By Tanzeer Hossain In May 2017, a ransomware attack known as “WannaCry” caused a worldwide crisis, severely disrupting computer systems across various sectors. This assault targeted machines running Microsoft Windows that had an unpatched vulnerability by using an attack tool, called “EternalBlue ,” which had been developed by the United States National Security Agency (NSA).…
Read MoreAsessing cyber risks
By Roddy Risk management is central to cyber security. It is impossible to create a fully secure system (even an air-gapped one) so there are always risks to the confidentiality, integrity and availability of any information held or processed in any technology-based system. Obviously, there are risks in any information storage system – paper, memory,…
Read MoreThe Equifax Breach
By Tanzeer Hossain In September 2017, Equifax, one of the largest credit reporting agencies, fell prey to one of the best documented data breaches of late. This breach involved compromising the critical information of approximately 147 million individuals, the vast majority being Americans, with a smaller number in the United Kingdom and Canada. This made…
Read MoreThe SolarWinds Cyber Attack
by Tanzeer Hossain In December of 2020, the world witnessed one of the most sophisticated cyberattacks in history: the SolarWinds supply chain attack. This affected the systems of many substantial organisations, including US Government agencies, private companies and key infrastructure providers. The main objective of this attack was the compromise of software updates distributed by…
Read MoreThe Cost of Ignoring Low-Level Risks
By Roddy The British Library’s report on the cyber attack which it suffered in October 2023 contains some insightful points on early lessons. No 7 is: “The Library’s risk management processes appropriately escalated out-of-appetite security risks for remediation, but were less effective in modelling the amount of low-level risks being carried in aggregate.” “LEARNING LESSONS…
Read MorePasswords
By Roddy Passwords, pah! Old-fashioned, insecure. Don’t cha just hate ‘em? Well no, they’re OK, especially if handled thoughtfully and used with varied user identities (see more on this at the bottom of this post) Yes, experts (notably Microsoft) have been predicting or promoting the abandonment of passwords as an access control method for many…
Read MoreActive vs. Passive Cyber Security
By Roddy. There is a lot of confusing – or inconsistent – terminology in cyber security (‘Tactics’ in the MITRE Att@ck framework?). It might look like this piece is introducing even more potential confusion but I think that distinguishing active from passive security is useful. Cyber security is about lots of things but, ultimately, it…
Read MoreFundamentals of the dark web
By Angela Okeke-Ramos The internet is formed of multiple layers. Similar to the ocean only a fraction of these layers have been explored. While most users are satisfied with content available on the outer layer of the internet; i.e the surface web, some wish to go further and beyond. Known as the dark web, the…
Read MoreThe value of mutual TLS for API authentication
By Robert Grigoras. The security and privacy of data exchanged between different systems through APIs is of utmost importance. API authentication, which verifies the identity of a user or system before granting access to sensitive data or resources, is therefore critical. Mutual Transport Layer Security (TLS) is a widely accepted approach for securing API communication…
Read More