Monthly Archives: February 2020

Attack Anatomy – Session Hijacking

In session hijacking, the phisher exploits the web session control mechanism to steal information from the user. In a simple session hacking procedure known as session sniffing, the phisher can use a sniffer to intercept relevant information so that he or she can access the Web server illegally. By scanning your website we can detect pages […]

View one of the Best Security Awareness Training and Phishing Programs

Phishing Statistics

Join us Wednesday, March 4 @ 19:00 (GMT), for a live demonstration of how Middlewave introduces a new-school approach to security awareness training and simulated phishing. See how easy it is to train and phish your users: Train your users with access to the world’s largest library of awareness training content and automated training campaigns with scheduled reminder emails. […]

A U.S. Natural Gas Operator Shuts Down for 2 Days After a Phishing Attack Infects it With Ransomware

Dan Goodin at Ars Technica reported something worrisome: “A US-based natural gas facility shut down operations for two days after sustaining a ransomware infection that prevented personnel from receiving crucial real-time operational data from control and communication […]

Ransomware Criminals Hack an Accounting Company and Cause a Data Breach for Their Customers

Last December, a ransomware infection of Albany, New York-based accounting firm BST & Co. CPAs LLC exposed the confidential data of their customers, causing a data breach for one of their health care customers as well as other clients of the firm. Some of the data has shown up on the publicly accessible website of […]

Hackers Post Details on MGM Resorts Guests

Hackers have posted on an underground forum the personal information of 10.6 million MGM Resorts guests, ZDNet reports. The exposed information includes full names, home addresses, phone numbers, emails and dates of birth, according to the report, which claims the authenticity of the data has been verified with the help of a yet-to-be-launched monitoring firm called Under […]

Attack Anatomy – What Is Phishing?

Phishing is the process of attempting to acquire sensitive personal information such as account details, e.g. usernames, passwords and credit card details, by masquerading as a trustworthy source using emails which evade your organization’s spam filters. Emails claiming to be from your colleagues, social media sites, Microsoft etc. are commonly used to trick you into thinking […]

Systems at Redcar and Cleveland Council have been down for almost three weeks after the ransomware attack.

(February 14 & 17, 2020) Computer systems belonging to the Redcar and Cleveland Borough Council (UK) were infected with malware. The attack occurred on February 8, and as of February 26, systems were still “working with a reduced capacity”. The council has called in help from the National Cyber Security Centre (NCSC). The council has not said […]

PCI DSS – Security Testing

According to the PCI Standards, the goals of penetration testing are: 1. To determine whether and how a malicious user can gain unauthorized access to assets that affect the fundamental security of the system, files, logs and/or cardholder data. 2. To confirm that the applicable controls required by PCI DSS—such as scope, vulnerability management, methodology, and segmentation—are in place. […]