Over 2,500 vulnerable devices from Geovision have a backdoor due to a weak default password “admin”. This can lead to these devices being remotely compromised. As a best practice, ensure all root passwords are complex and are not set to the default value. Other flaws include allowing unauthenticated attackers to access system logs, using hardcoded […]
If you had a chance to read part 1 of this blog series, you’ll remember that my top 3 risk management predictions for the next six months included: a huge increase in reported data breaches; an increase in COVID-19 related phishing emails; and an increase in targeted ransomware attacks. In this post, I’ll explain how businesses […]
Those who are using old D-Link routers might not be able to work from home and are opening themselves up to malicious attacks. This is due to a vulnerability in those D-Link routers that allows attackers to inject commands and cause DoS. Users of those vulnerable old routers won’t be able to upgrade their firmware as it’s no […]
As we slowly ease out of the lockdown here in the UK, businesses once again have to adapt to changing environments. Some businesses will continue to operate with their staff in a dispersed manner, while others will be looking to open offices and bring their staff back to the workplace. The COVID-19 pandemic means that […]
It is an undeniable fact that all applications and infrastructures are essentially in need of a penetration test. It is a known fact that humans are the weakest link in the security chain with 60% of breaches occurring from human error. Therefore, developers and administrators may find it challenging to build and configure fully secure […]
As discussed in our previous blog post: 4 Working from Home Security Tips, many organisations have changed the way they connect and communicate in their new working from home (WFH) environments. Therefore, organisations must adjust data protection controls to account for changes that the pandemic has brought in our new working environments. The development of COVID-19 […]
In 2019, the ICO fined Marriott Hotels £99 million under the GDPR for not undertaking sufficient due diligence to secure its systems when it acquired Starwood Hotels Group. This resulted in 339 million unprotected guest records being exposed. Elizabeth Denham, Information Commissioner, stated: “The GDPR makes it clear that organisations must be accountable for the […]
The Covid-19 pandemic made it imperative for organisations to conduct business remotely in order to stay competitive during the UK lockdown. Many have adjusted quickly, changing the way they deliver services, connect and communicate with employees in their new working from home (WFH) environment. HR policies may have been changed to allow for WFH but […]
Previously known as ‘privacy by design’, “data protection by design and default” has always been part of the UK Data Protection Law. But the key change is with the General Data Protection Regulation (GDPR) now making it a legal requirement. The GDPR requires you to put in place appropriate technical and organisational measures to implement […]
Social engineering can be summed up as hacking the human. Simply put, it is the action of leveraging human frailty – our reaction to urgency, to compliance with perceived figures of authority, to taking information at face value – and using it against us as a way of eliciting information or performing unauthorised actions. Social […]