Whilst many of us in Information Security are struggling to patch the broken and educate the confused, the largest of the corporates seem to be making giant leaps in protecting their customers. None more so then the banking sectors! Of …
Shut Up About Facebook
People seem annoyed recently that a little known company called Cambridge Analytica have been accused of doing some pretty dodgy things with our data. I mean, it truly was an edge of the seat expose by Channel 4 – at …
Phishing, Evolved.
When we talk about phishing, the first thing people would associate with is the traditional phishing email. The click here. The “urgent action needed” kind of junk we see everyday in our inboxes… but is this still the case? Are …
Two Factors Of Security
Note: Before starting this article we couldn’t miss the opportunity to recommend people to this web page should you need help setting up two factor on your accounts – https://twofactorauth.org/ Google’s announcement that 10% of users use 2-factor authentication has …
Let’s forget the phishing dangers, is email getting us down?
In no way are we trying to diminish the importance of good email security practice, but sometimes I think about the unforeseen impact email can have on our daily lives. We focus on the fancy malware and the sophisticated credential …
Advanced Phishing Techniques and TalkTalk
We have already had our dealings with TalkTalk as covered in our earlier blogs here and here. We felt the need to disclose their 2015 Data breach previously, but it does disappoint us to need to write again. This isn’t a …
Cyber Resilience Week
In support of the Digital Leaders ‘Cyber Resilience Week’ Richard will be speaking at two events: Monday 11th September 2017 – The DeMontfort University in Leicester – http://digileaders.com/events/securing-business-digital-age Thursday 14th September 2017 – Chelsea Football Club – http://digileaders.com/events/securing-business-digital-age-2 The days will be …
The Making of a Drop Box
A drop box is a small computer designed to be connected to a corporate network, once connected it should enable attackers remote access to the network through a variety of methods. We have seen similar devices used in the wild …
Malicious Packets
Recently we had quite an interesting engagement and we have been allowed to share some of the details! Objective: Gain physical entry to a building for the purpose of impromptu network penetration test and wireless testing. Company Arena: Global Offices, …
Exploiting Chrome Attacks to Educate Staff
Social engineering attacks can normally be quite deceptive and hard to understand, the attack should be a little like magic in the way a victim should be left questioning how you did it after it’s all over. Although as an industry …
Opening Up Fraudulent Invoices
We often talk about the unknown ‘attackers’ out to get us in the context of cyber security, but the majority of these types are not confrontational people – they barely deserve the term attacker. They hide in the shadows with …
A Special Partnership With The London Digital Security Centre
When you look at the past few years our business has really started with an idea and developed into something meaningful. It was designed to make a difference to the security industry and post-startup we have began to see the …
Did the AA have a minor breakdown?
There have been rumours of a potential data breach over at The AA UK, through a series of statements and replies observed on social media it was quiet worrying to build a jigsaw picture that displayed these such issues. As …
UK Parliament Cyber Attack
At the end of last week, news organisations started reporting of a ‘sustained and determined attack’ against the mailboxes of the 650 members of parliament and staff. In the initial release of information it is quite clear the login portal was …
Gibraltar Cyber Security Summit
We attended the Gibraltar Cyber Security Summit this week. It’s an initiative to bring together policing departments, local authority and cyber crime related experts. Speakers from the AFP, FBI, NCA, GCHQ and others took to the stage to transfer essential …
Google Ignored Warnings About Phishing Risks.
On Wednesday the 3rd May 2017 a Phishing campaign propagated across the internet affecting Google users. It was like nothing we’ve seen in recent years. Now the issue has been resolved and the risk mitigated it’s time for some reflection. …
Online AntiSocial Media
When we look at online social media, it has been adopted in one flavour or another by nearly all of us. The way we project our persona online has slowly replaced the media of yesteryear. Expression is nothing new; throughout …
Phishing Robots
So it turns out us humans aren’t the only ones with a few flaws when it comes to an inbound phishing email! Often uttered from the crowds at every infosec event is the dreaded cliché statement, “Well, humans are the weakest links …
Naughty Name Servers
It’s always DNS. If something has broken online the first step is normally checking what the DNS is doing. Similar when we try to discover all we can about an organisation in the recon stages of any assessment it’s also …
The ‘can you hear me’ scam
Last week you might have heard in the press about a phone scam that’s is supposedly sweeping the nation. The dreaded, super sneaky ‘Can you hear me’ scam. Fraudsters will ring you and ask the question “Can you hear me?”. …
Will they send a SMS or won’t they?
Recently I stumbled across a publication from HMRC, it stated the forms of communications they would use to contact the tax paying public. Example messages were displayed in an attempt to ‘whitelist’ communications. Basically, if you receive correspondence that looks …
Lawyers Must Recognise the Value of their Data
This is a copy of a guest blog authored for Ascertus Ltd, feel free to read the post over here. Whilst content in our 9 – 5 employment, slightly resentful that our personal activities aren’t getting the attention they deserve, …
Project ‘Sender ID’
Over 100 Billion SMS messages are sent per year in the U.K., whilst this figure continues to fall due to mobile device users opting to use alternative communication mediums such as WhatsApp, Facebook Messenger and Signal – we are still …
2017 and Beyond
It’s been 2 years to the day since The AntiSocial Engineer Limited was founded; The seasonal timing and also the fact we seem to be doing enough right to pay the bills have made us sit down and question where …
How to nearly buy Google.com for £8
As an English speaker, I mainly stick to Latin characters and some symbols that cover my day to day needs. I demand payment in £, I add a few &@! to my passwords and I am known to include the …
iMessage Preview Problems
In recent Apple iMessage updates, the way links are handled within an SMS message have changed significantly and this adaptation poses quite a concern for us. Early 2016 we were the first company in the UK to offer SMShing services, …
TalkTalk, one year later.
For nearly a year we have had a tale we’ve told to friends and business associates. The tale involves TalkTalk and how one day we found the data breach, alerted them and sparked the controversy that we all know to this …
How to Handle A Data Breach
To a modern business, a data breach can have devastating effects. We have seen TalkTalk hastily bungle, Sage coyly dawdle and much more generally mess it up, it’s got to change. We don’t spend all day hunting these elusive beasts either, but we have had …
Sage UK Payroll Data Breach
Personal details and bank account information for employees of as many as 300 large UK companies may have been compromised as part of a data breach at Sage, a UK accountancy software group. August 11th, 2016 Sage UK Payroll services started …
Everybody on the floor, this is a data breach
August 2nd, 2016 I find myself in a high street bank. I’d just done a 3km run, which is like a marathon to a big bloke. I enter the doors and find a queue akin to the bread lines of …
Policing Insider Threats
The term insider threat is brandished around quite a lot these days, companies often talk about the weakest link in security being people. I guess they are almost right in what they say, but I can still dream about the …
InfoSec Interviews – Richard De Vere
Original article by IT Governance: here So a while back I was interviewed by Lewis Morgan from the IT Governance Blog and thought i’d share this on the site. It is a little tongue in cheek reading it back actually! But …
How we Support Magicians, Fraudsters & Hackers
One advantage of running a small boutique consultancy is I get to steer the business activity towards subjects I personally find interesting. Throughout my career, I have always been fascinated with frauds and that is where my focus normally lies. It’s that magic-like …
Yorkshire Cyber Security Event – A reflection of the real risks
The AntiSocial Engineer Limited is supporting the Yorkshire Cyber Security Cluster to announce the first annual Yorkshire Cyber Security Event taking place on the 12th May at the 3m Buckley Innovation Centre in Huddersfield. We will be talking about our recent …
Sim Swap Fraud – Porting your digital life in minutes.
In this post, I wish to cover ‘Sim Swap Fraud’ and some of the ways we can prevent it. I’m not a natural writer, I only do these blogs in hope people will listen up and improve security. So feel free …
Introducing SMShing Assessments
SMShing Explained SMShing is a common attack method used in the wild to target companies, using targeted text messages towards staff mobile phones. These messages can be generic or a more focused ‘spear’ type message, depending on how much information …
Abusing automated call handlers
I grew up in Yorkshire and of all the likeable local traits there is, there is one I despise. The gruff, basterdised local accent. Londoners mistakenly view you as a farmer and there is no risk of hearing the tones …
OSINT For Profit
An interesting skill we have honed over the years has been the use of OSINT techniques to gather information on a client company. For those new to all this, it’s ok because you can follow quite easily and should learn …
Rubbish Security
When considering the security threats your organisation will encounter you would be forgiven if the humble bin slipped your mind. Every instance of this invisible cyber, hacking, scare story we receive on the media these days is referring to ‘complex …
Social Engineering & TalkTalk
This month I have been looking at the way in which a small minority of TalkTalk customers are suffering from the rise in social engineering attacks. It seems post CPW/TalkTalk breach real evidence of further frauds is apparent. Victims can …
The Problem With Know-it-all Security.
I am not one for quotes and ‘Facebook philosophy’ memes but recently, I was reminded of my favourite quote on a certain social media platform: “The only true wisdom is in knowing you know nothing.” – Socrates The pursuit of education …
Tripwire – A look at the real British social engineers
Tripwire have been helping us shine light onto the real threats a UK business will face when it comes toe to toe with a real social engineer. Read the full article here. Taking a Look at the Real British …
Tripwire/BSidesLDN – A look at the real African social engineers
Tripwire have really been supportive of the message we try hard to pass on and have shown us much kindness. It’s important to inform people the best we can and Tripwire is the perfect medium for this. Read the full …
Should brainwaves be used for employee screening?
An interesting article by SC Magazine regarding a study that suggests brainwaves could be used to assess if an applicant will be a security hazard. At The AntiSocial Engineer we believe staff are never beyond help, we work together to …
Is Phishing going corporate?
Only SC magazine could take a long statistic driven report and explain it on a many levels. This ProofPoint report clearly reveals the insight into Phishing campaigns missed by so many. Many thanks to their editor for leaning on us …
Why Social Engineering assessments should matter to you…
Social Engineering has taken precedent in 2014, with some of the biggest data breaches ever recorded. 2015 is set to be another year filled with yet more attempts, yet more phishing emails hitting your business and having an adverse effect. …