Whilst many of us in Information Security are struggling to patch the broken and educate the confused, the largest of the corporates seem to be making giant leaps in protecting their customers. None more so then the banking sectors! Of …
People seem annoyed recently that a little known company called Cambridge Analytica have been accused of doing some pretty dodgy things with our data. I mean, it truly was an edge of the seat expose by Channel 4 – at …
When we talk about phishing, the first thing people would associate with is the traditional phishing email. The click here. The “urgent action needed” kind of junk we see everyday in our inboxes… but is this still the case? Are …
Note: Before starting this article we couldn’t miss the opportunity to recommend people to this web page should you need help setting up two factor on your accounts – https://twofactorauth.org/ Google’s announcement that 10% of users use 2-factor authentication has …
In no way are we trying to diminish the importance of good email security practice, but sometimes I think about the unforeseen impact email can have on our daily lives. We focus on the fancy malware and the sophisticated credential …
We have already had our dealings with TalkTalk as covered in our earlier blogs here and here. We felt the need to disclose their 2015 Data breach previously, but it does disappoint us to need to write again. This isn’t a …
In support of the Digital Leaders ‘Cyber Resilience Week’ Richard will be speaking at two events: Monday 11th September 2017 – The DeMontfort University in Leicester – http://digileaders.com/events/securing-business-digital-age Thursday 14th September 2017 – Chelsea Football Club – http://digileaders.com/events/securing-business-digital-age-2 The days will be …
A drop box is a small computer designed to be connected to a corporate network, once connected it should enable attackers remote access to the network through a variety of methods. We have seen similar devices used in the wild …
Recently we had quite an interesting engagement and we have been allowed to share some of the details! Objective: Gain physical entry to a building for the purpose of impromptu network penetration test and wireless testing. Company Arena: Global Offices, …
Social engineering attacks can normally be quite deceptive and hard to understand, the attack should be a little like magic in the way a victim should be left questioning how you did it after it’s all over. Although as an industry …
We often talk about the unknown ‘attackers’ out to get us in the context of cyber security, but the majority of these types are not confrontational people – they barely deserve the term attacker. They hide in the shadows with …
When you look at the past few years our business has really started with an idea and developed into something meaningful. It was designed to make a difference to the security industry and post-startup we have began to see the …
There have been rumours of a potential data breach over at The AA UK, through a series of statements and replies observed on social media it was quiet worrying to build a jigsaw picture that displayed these such issues. As …
At the end of last week, news organisations started reporting of a ‘sustained and determined attack’ against the mailboxes of the 650 members of parliament and staff. In the initial release of information it is quite clear the login portal was …
We attended the Gibraltar Cyber Security Summit this week. It’s an initiative to bring together policing departments, local authority and cyber crime related experts. Speakers from the AFP, FBI, NCA, GCHQ and others took to the stage to transfer essential …
On Wednesday the 3rd May 2017 a Phishing campaign propagated across the internet affecting Google users. It was like nothing we’ve seen in recent years. Now the issue has been resolved and the risk mitigated it’s time for some reflection. …
When we look at online social media, it has been adopted in one flavour or another by nearly all of us. The way we project our persona online has slowly replaced the media of yesteryear. Expression is nothing new; throughout …
So it turns out us humans aren’t the only ones with a few flaws when it comes to an inbound phishing email! Often uttered from the crowds at every infosec event is the dreaded cliché statement, “Well, humans are the weakest links …
It’s always DNS. If something has broken online the first step is normally checking what the DNS is doing. Similar when we try to discover all we can about an organisation in the recon stages of any assessment it’s also …
Last week you might have heard in the press about a phone scam that’s is supposedly sweeping the nation. The dreaded, super sneaky ‘Can you hear me’ scam. Fraudsters will ring you and ask the question “Can you hear me?”. …
Recently I stumbled across a publication from HMRC, it stated the forms of communications they would use to contact the tax paying public. Example messages were displayed in an attempt to ‘whitelist’ communications. Basically, if you receive correspondence that looks …
This is a copy of a guest blog authored for Ascertus Ltd, feel free to read the post over here. Whilst content in our 9 – 5 employment, slightly resentful that our personal activities aren’t getting the attention they deserve, …
Over 100 Billion SMS messages are sent per year in the U.K., whilst this figure continues to fall due to mobile device users opting to use alternative communication mediums such as WhatsApp, Facebook Messenger and Signal – we are still …
It’s been 2 years to the day since The AntiSocial Engineer Limited was founded; The seasonal timing and also the fact we seem to be doing enough right to pay the bills have made us sit down and question where …
As an English speaker, I mainly stick to Latin characters and some symbols that cover my day to day needs. I demand payment in £, I add a few &@! to my passwords and I am known to include the …
In recent Apple iMessage updates, the way links are handled within an SMS message have changed significantly and this adaptation poses quite a concern for us. Early 2016 we were the first company in the UK to offer SMShing services, …
For nearly a year we have had a tale we’ve told to friends and business associates. The tale involves TalkTalk and how one day we found the data breach, alerted them and sparked the controversy that we all know to this …
To a modern business, a data breach can have devastating effects. We have seen TalkTalk hastily bungle, Sage coyly dawdle and much more generally mess it up, it’s got to change. We don’t spend all day hunting these elusive beasts either, but we have had …
Personal details and bank account information for employees of as many as 300 large UK companies may have been compromised as part of a data breach at Sage, a UK accountancy software group. August 11th, 2016 Sage UK Payroll services started …
August 2nd, 2016 I find myself in a high street bank. I’d just done a 3km run, which is like a marathon to a big bloke. I enter the doors and find a queue akin to the bread lines of …
The term insider threat is brandished around quite a lot these days, companies often talk about the weakest link in security being people. I guess they are almost right in what they say, but I can still dream about the …
Original article by IT Governance: here So a while back I was interviewed by Lewis Morgan from the IT Governance Blog and thought i’d share this on the site. It is a little tongue in cheek reading it back actually! But …
One advantage of running a small boutique consultancy is I get to steer the business activity towards subjects I personally find interesting. Throughout my career, I have always been fascinated with frauds and that is where my focus normally lies. It’s that magic-like …
The AntiSocial Engineer Limited is supporting the Yorkshire Cyber Security Cluster to announce the first annual Yorkshire Cyber Security Event taking place on the 12th May at the 3m Buckley Innovation Centre in Huddersfield. We will be talking about our recent …
In this post, I wish to cover ‘Sim Swap Fraud’ and some of the ways we can prevent it. I’m not a natural writer, I only do these blogs in hope people will listen up and improve security. So feel free …
SMShing Explained SMShing is a common attack method used in the wild to target companies, using targeted text messages towards staff mobile phones. These messages can be generic or a more focused ‘spear’ type message, depending on how much information …
I grew up in Yorkshire and of all the likeable local traits there is, there is one I despise. The gruff, basterdised local accent. Londoners mistakenly view you as a farmer and there is no risk of hearing the tones …
An interesting skill we have honed over the years has been the use of OSINT techniques to gather information on a client company. For those new to all this, it’s ok because you can follow quite easily and should learn …
When considering the security threats your organisation will encounter you would be forgiven if the humble bin slipped your mind. Every instance of this invisible cyber, hacking, scare story we receive on the media these days is referring to ‘complex …
This month I have been looking at the way in which a small minority of TalkTalk customers are suffering from the rise in social engineering attacks. It seems post CPW/TalkTalk breach real evidence of further frauds is apparent. Victims can …
I am not one for quotes and ‘Facebook philosophy’ memes but recently, I was reminded of my favourite quote on a certain social media platform: “The only true wisdom is in knowing you know nothing.” – Socrates The pursuit of education …
Tripwire have been helping us shine light onto the real threats a UK business will face when it comes toe to toe with a real social engineer. Read the full article here. Taking a Look at the Real British …
Tripwire have really been supportive of the message we try hard to pass on and have shown us much kindness. It’s important to inform people the best we can and Tripwire is the perfect medium for this. Read the full …
An interesting article by SC Magazine regarding a study that suggests brainwaves could be used to assess if an applicant will be a security hazard. At The AntiSocial Engineer we believe staff are never beyond help, we work together to …
Only SC magazine could take a long statistic driven report and explain it on a many levels. This ProofPoint report clearly reveals the insight into Phishing campaigns missed by so many. Many thanks to their editor for leaning on us …
Social Engineering has taken precedent in 2014, with some of the biggest data breaches ever recorded. 2015 is set to be another year filled with yet more attempts, yet more phishing emails hitting your business and having an adverse effect. …
