Crypto wallets with their valuable contents are an attractive target for cyber criminals. Cyber attackers look for any opportunity to breach both hot and cold crypto wallets, and wallet users rely on their wallet providers to keep their crypto currency safe. As a result, crypto wallets implement information security controls to keep them safe, from…
Security vulnerabilities are a real problem for software developers everywhere, and the organisations that employ them. Many issues are annoying but harmless, but the worst vulnerabilities in a piece of software could compromise security, and cause it to be vulnerable to a breach, which if realised, could cause untold damage to the organisation. The traditional…
Are you considering implementing RPA (robotic process automation or bots) as part of your digital transformation? RPA security best practices will help you utilise this growing trend safely and for maximum benefit. RPA usage grew by 63.1% to $1.3bn in 2019, and is expected to reach $7.2bn by 2025, making it the fastest growing segment…
To borrow a phrase from Oscar Wilde, to fall victim to a ransomware attack once may be regarded as a misfortune. To fall victim to a ransomware attack twice looks like carelessness. And yet, that is exactly what happened to an organisation just this month. They paid the ransom, received the decryption key, restored systems,…
You know all about phishing scams via email, and you are careful to never click on a link you don’t recognise. But how careful are you when it comes to messages on your phone? Are you confident that the SMS from the bank, or the link sent to you via WhatsApp from your friend is…
2020 has been described by some as the ‘Cybercrime Peak’. While it is undeniable that cyber crime increased dramatically in 2020, based on current form, the cyber security trends for 2021 look to be heading the same way. 2020 saw some old cyber security trends increase in popularity (did anyone say ransomware?), and some new…
The battle against phishing, spam, and malicious emails is never ending. 3.1 billion domain spoofing emails are sent every single day, forcing email provider filters to work extra hard to filter out malicious emails and prevent them from reaching inboxes. In this ongoing, multifaceted battle, DMARC email authentication is one way that every organisation can…
Information security is important to everyone. Many of your current and future clients may add ISO 27001 certification as a condition of doing business with you, putting you in a position where you need to start assessing your policies, processes, and procedures. While ISO 27001 alone won’t guarantee you have effective information security practices in…
Not all malware are created equally. And of all the malware out there, the Emotet malware is one of the most potent. Throughout its long life, Emotet has been linked to major malware attacks, and has consistently topped the Global Threat Index since September 2020. The only exception was a relatively quiet November, during which…
The new WhatsApp privacy policy released this week raised several key questions for data protection experts everywhere (and everyone else really). The new privacy policy sets out the information that WhatsApp shares with Facebook, and makes it clear that this policy is non-negotiable – if you don’t like WhatsApp sharing your data with Facebook, your…
What happens after a data breach? Discovery of a data breach is only the tip of the iceberg. Even as companies complete their initial incident response and begin their recovery, trying to minimise the leak and reduce the damage, the chances are that the stolen data has already been passed onto the next stage of…
You may have seen the interesting tale of Cellebrite’s Signal hack claims that they cracked Signal’s at rest encryption, giving them access to encrypted messages on the app when they are physically on the device. This claim was quickly ridiculed, Cellebrite had to roll back their blog giving away their secrets, and Signal’s creator, Moxie…
2020 has been a busy year for cybersecurity around the world with hacks, ransomware attacks, and data breaches making the news on a regular basis. According to analysts there were double the number of cyber attacks in 2020 than in 2019. Some of this increase follows trends from previous years, but it also appears as…
The US Treasury cyber attack is yet another example that absolutely anyone can be the victim of a cyber attack, and another warning that cyber attackers are becoming ever more sophisticated. This time, it was a sophisticated supply chain attack that allowed the US Treasury, and at least one other US government department or agency…
As cyber security professionals, we constantly remind the people around us that it’s not if a cyber attack will happen, it’s when a cyber attack will take place. No organisation is exempt from at least an attempt to hack them, and the FireEye cyber attack, on one of the world’s leading cybersecurity firms is no…
Cyber security mistakes made by individuals are the most common cause of cybersecurity breaches. Learn how to avoid making these mistakes and protect your networks
Shop safely online this Black Friday, and ensure that you don’t become a victim of an online shopping scam with these simple tips
The Manchester United cyber attack could have been worse. Their cybersecurity policies, procedures, and defences prevented a major data breach
Almost every account we use on a day to day basis is protected by a password, but secure passwords alone are not enough to keep your networks safe.
Stolen health data is extremely lucrative on the black market, and private health clinics are attractive targets for cyber criminals.
PASTA threat modelling is a risk-centric, offensive minded methodology which identifies threats and priorities for risk mitigation. Not be confused with pasta…
Hackers have used vulnerability chaining combining known vulnerabilities in their VPN and Windows programs to hack into US government networks
H&M are the latest organisation to receive a fine for data protection failings – this time though it was their own employee data that they failed to protect
A ransomware attack on a hospital in Dusseldorf, Germany resulted in the first ever related death. We explore the morality of this attack, and how it could have been avoided
Your startup is up and running, but how secure are you? Begin your cybersecrurity journey with our introduction to the essentials of cybersecurity for startups.
There is a global shortage of cybersecurity professionals, leaving many companies with inadequate protection. Now’s the time to think outside the box.
Newcastle University is under cyber attack, causing chaos in the leadup to the new academic year. Who did it, what is ransomware, why Newcastle University?
Seven years on from Snowden’s revelations about the NSA’s call tracking program, privacy rights campaigners have had a victory as the courts have called it unlawful and unconstitutional.
Confusing times like the current Covid-19 pandemic are fertile grounds for social engineering scammers – and boy have they been busy over the last few months.
Have you ever wondered what if every time you add a new skill to your Amazon Alexa you are giving an attacker access to your personal information?
This latest scam starts by announcing you will receive a council tax refund and ends with a malicious site which asks for enough personal information to scam you for money.
The EU’s Court of Justice declared today the Privacy Shield data transfer framework invalid because they argue that US state surveillance powers are excessive, and the Privacy Shield does not provide adequate protection.
A 38-year-old Nigerian Instagram influencer, was surprised by the authorities, ambushed and arrested amid claims of a £350 million cyber scam.
Malicious actors use various techniques in order to obtain information from unsuspecting users, utilising successful identify theft attacks.
OSINT refers to information that can be freely and legally gathered from publicly available sources. As a company, you have to be aware of OSINT, and how you can use OSINT tools and techniques to protect yourself from risk.
The Spanish data protection authority fined Twitter with €30,000 for violating cookies regulation and required it to take appropriate remediation measures.
Who should be held responsible for cyber attacks and data breaches? Fingers are being pointed at Chief Executives Officers.
What you need to know about meeting GDPR information security requirements and how much it should cost you : Our quick practical guide.
Britain faces a new model of working due to the lockdown imposed by the Government due to COVID-19.
Cynance information security consultants are here to help you with security advice regarding teleworking security risks.
If you are in London this Thursday, come and hear Cynance’s CEO, Stav Pischits, speaking about good #cybersecurity practices for bad times at the #BCS, The Chartered Institute for IT. Stav will try to answer these questions.
Virgin’s communication strategy can be easily analysed by non-PR people as myself, but the important thing we should learn here is how critical it is to identify company assets, and more specifically “incorrectly configured” assets, a term used by Virgin in its breach notice.
Poor Cathay Pacific: Not only does it have to deal with #Coronavirus catastrophe, but also the UK #ICO. The Hong Kong flag carrier flight company was issued with a 500K£ fine by the ICO for a security breach it has reported, and due to a catalogue of errors found as part of the regulator’s investigation into the breach.
How many of you thought of their Apache Tomcat servers this morning?
A journey of a thousand miles begins with a single step. The road towards #cybersecurity #compliance starts with management’s deep commitment, and team engagement. A journey of a thousand miles begins with a single step. The road towards cybersecurity compliance starts with a company’s management’s deep commitment and team engagement. Two months ago Cynance launched…
A new malware named Mozart is using the DNS protocol to communicate with remote attackers to evade detection by security software and intrusion detection systems.
Come see us at #PragueGamingSummit next week, and hear Cynance CEO Stav Pischits speak about cybersecurity matters as part of the “Advising the Big Companies’’ panel, alongside gaming industry legal-gurus as Tal Itzhak Ron and Genia Gurevich
Can some technologies simply not meet the GDPR requirements, no matter what you do?
GDPR provides the guidelines and framework under which companies can process personal data, allowing companies to assess their practices and apply required protective measures.
Palo Alto launches the new Cortex XDR Managed #ThreatHunting Service. 7 trillion threat artifacts and 14 billion #malware samples crowdsourced from 35,000+ organizations inform Palo Alto’s researchers and machine learning models, providing deeper context on active threats and proactive impact reports to shut down emerging threats with confidence.
ICE London is the one place that brings together the international online and offline gaming sectors.
Cynance will be there too. We are eager to meet you and discuss the meaning of information security risk management in today’s growing need for extended cybersecurity solutions.
Join us to hear Cynance CEO Stav Pischits’ presentation at the Institute and Faculty of Actuaries about what good #cybersecurity practices look like and to what extent can #actuaries, as business professionals analysing financial consequences of #risk, implement these practices operationally.
Over the past few years, most European companies have taken steps and made critical investments in response to the increased data protection compliance requirements, as part of which data inventory and mapping are a key milestone.
New Orleans’ government has declared a state of emergency after falling victim to a cyber attack which forced the shutdown of all its government computers.
For some organisations operational resilience means shutting down their computers and moving to pen and paper. For others, it’s having their systems resilient to advanced phishing campaigns, ransomware attacks, APTs and more…Which kind of organisation do you work for?
Over the past few years, most European companies have taken steps and made critical investments in response to the increased data protection compliance requirements, as part of which data inventory and mapping are a key milestone.
Monzo called hundreds of thousands of customers to pick a new PIN code, after realizing it was storing users’ PIN codes as plain-text in log files.
You probably heard of the enormous data breach suffered by Capital One, exposing personal data of nearly 106 million of the bank’s customers.
In computing, a race condition may occur when two or more threads access shared data and try to change it at the same time.
New technologies can be super exciting, but when you want to keep your assets protected from cyber threats, new technologies actually pose a complex risk.
Over the past decade, numerous cyber attacks have made headlines, each attack more serious than the previous ones: larger in scope, greater in sophistication and more advanced in data exfiltration.
A major electricity supplier in South Africa’s largest city has suffered a ransomware attack, leaving some residents without power.
Who here doesn’t work from public places every once in a while?
The news that British Airways has been told by the Information Commissioners Office they face a record fine for breach of GDPR rules has come as a shock to many.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
