The SolarWinds Cyber Attack

By Tanzeer Hossain. In December of 2020, the world witnessed one of the most sophisticated cyberattacks in history: the SolarWinds supply chain attack. This affected the systems of many substantial organisations, including US Government agencies, private companies and key infrastructure providers. The main objective of this attack was the compromise of software updates distributed by…


The Cost of Ignoring Low-Level Risks

By Roddy. The British Library’s report on the cyber attack which it suffered in October 2023 contains some insightful points on early lessons. No 7 is: “The Library’s risk management processes appropriately escalated out-of-appetite security risks for remediation, but were less effective in modelling the amount of low-level risks being carried in aggregate.” “LEARNING LESSONS…


Passwords


By Roddy. Passwords, pah! Old-fashioned, insecure. Don’t cha just hate ‘em? Well no, they’re OK, especially if handled thoughtfully and used with varied user identities (see more on this at the bottom of this post). Yes, experts (notably Microsoft) have been predicting or promoting the abandonment of passwords as an access control method for many…


Active vs. Passive Cyber Security


By Roddy. There is a lot of confusing – or inconsistent – terminology in cyber security (‘Tactics’ in the MITRE ATT&CK framework?). It might look like this piece is introducing even more potential confusion but I think that distinguishing active from passive security is useful. Cyber security is about lots of things but, ultimately, it…


Fundamentals of the dark web

By Angela Okeke-Ramos. The internet is formed of multiple layers. Similar to the ocean, only a fraction of these layers has been explored. While most users are satisfied with content available on the outer layer of the internet, i.e. the surface web, some wish to go further and beyond. Known as the dark web, the…


The value of mutual TLS for API authentication

By Robert Grigoras. The security and privacy of data exchanged between different systems through APIs is of utmost importance. API authentication, which verifies the identity of a user or system before granting access to sensitive data or resources, is therefore critical. Mutual Transport Layer Security (TLS) is a widely accepted approach for securing API communication…


3 Ways To Protect Your Privacy On Facebook

By Nick Duley. As technology is becoming an increasing part of our lives, it’s important to protect our privacy and security from online trolls and hackers. Facebook is one of the most common social networks out there and by default, the privacy features for one’s account are very limited, leaving your personal information open. In…


An honest review Of ‘Undeclared War’ On Channel 4

By Robert Grigoras. Introduction: The series is set in 2024. The Undeclared War tracks a leading team of analysts buried in the heart of GCHQ, secretly working to ward off a series of cyber-attacks on the UK in the run-up to a general election. When a routine stress test of internet infrastructure goes awry…


Security fatigue

Please update your password settings. Please enter a new password that does not include your birthday. Password must contain special characters.


Trusted security

How do you know that you are your mother’s child?

How can you be sure that the chef in that restaurant did not spit in your lasagne after you complained that the service was too slow?
