Some of you may know, a severe vulnerability was discovered in Log4j, a Java logging package. This ubiquitous package is included in products such as Apache and Apple products. Worse yet, this component is so widely used — that it is believed to be within multiple components within applications. This means that security teams worldwide […]
10
Dec
Dec
WordPress sites have been under attack for 36 hours, from 16,000 IP addresses. Threat Intelligence Analysts from Wordfence, have reported an ongoing assault against 1.6 million WordPress sites. The traffic originates from 16,000 IPs and threat actors appear to be targeting four WordPress plugins and fifteen Epsilon Framework themes. One of which has no patch […]
30
Nov
Nov
Threat actors are actively exploiting a misconfigured Google Cloud Platform (GCP) infrastructure to mine cryptocurrency. Google’s recent threat horizon report detailed that out of 50 recently compromised GCP instances, 86% were used for crypto mining. Statistics show that 48% of intrusions were the result of poor password hygiene and or insecure API configurations. However, 26% […]
14
Dec
Dec
Please be advised that SolarWinds has issued an urgent security advisory for their Orion Platform. It’s claimed that nation-state actors aggressively targeted at least two U.S. Government Agencies to include the US Department of Treasury and the National Telecommunications and Information Administration. Additionally, other global organisations in various industries ranging from telecoms, major retail chains […]
22
Oct
Oct
In this landscape, keeping your staff engaged is key to creating and maintaining a culture of information security awareness. The key is giving them a constant ‘drip-feed’ of illumination in the form of bite-sized multi-media dispatches. Here’s an infographic to show you how Now that we have shown you the key to how we keep your staff engaged […]