iOS Trustjacking

iOS Trustjacking is a new vulnerability which allows attackers to exploit the iTunes Wi-Fi sync feature. Designed to allow users to manage their iOS devices without requiring a physical connection to a computer, this feature can be manipulated by attackers to acquire persistent control over the victim’s device. So how does Trustjacking work? Firstly, the
-> Continue reading iOS Trustjacking

Reddit’s Data Breach

Reddit suffered a data breach between the 14th and 18th of June this year and have subsequently lost all Reddit data from 2007 and before, containing account credentials (username and hashed + salted password), email addresses and both public and private messages. More recent data includes email digests sent during the period of June 2018
-> Continue reading Reddit’s Data Breach

The Networks & Information Systems Directive (NISD)

The Networks and Information Systems Directive, more commonly referred to as the NIS Directive, is a law that was introduced on 9th May this year. The purpose of this directive is to improve the security of businesses providing essential services such as energy, transport, banking and healthcare. NISD also applies to businesses providing critical digital
-> Continue reading The Networks & Information Systems Directive (NISD)

5G

Most of us are well acquainted with 4G by now. The wide use of this technology has been rapidly increasing from 2012 to present with a colossal jump from 1.2 million subscribers in 2010 to approximately 1.4 billion subscribers in 2018. 5G is the fifth generation of wireless networking standard we all use to stay
-> Continue reading 5G

Google Play Store & Fake Applications

There are an enormous number of fake applications that linger within the Google Play app store, this week’s blog is designed to raise awareness of fake applications and how to best identify them. Recently, an attacker had uploaded three banking applications onto the Google Play app store to harvest banking information from unsuspecting users. The
-> Continue reading Google Play Store & Fake Applications

Google Chrome Pushes for More Encryption on the Web

Google’s push for more encryption on the web has started with Google Chrome 68, the latest version of Google’s web browser. It comes with a new feature that will list all non encrypted websites as “Not Secure”. This change to Google Chrome means that all HTTP sites will now show a “Not Secure” icon in
-> Continue reading Google Chrome Pushes for More Encryption on the Web

Protect your data!

In recent news, documents have been found for sale on the dark web containing sensitive information relating to the U.S. Air Force. These documents were featured for as low as $100 to $200 and were found by Information Security Analysts while trawling through the dark web searching for criminal activity. These analysts posed as potential
-> Continue reading Protect your data!

Third-Party Gmail Applications

As of last year, Google pledged to stop collecting data from Gmail user’s inboxes to fuel targeted advertisements. However, this does not apply for the third-party developers that create apps and extensions for Gmail. Google claims that all third-party app developers and companies are examined before granting them access to the Gmail service, and that swift action is taken in any instances of poor or unclear practice from
-> Continue reading Third-Party Gmail Applications

The Danger of Selling Used Storage Devices

A recent study into used storage devices such as memory cards, USB sticks and Hard Drives has been conducted by The University of Hertfordshire’s Cyber Security Centre to see how often used storage devices is bought and sold containing personal data from the previous owner. The study involved purchasing 100 used storage devices from online
-> Continue reading The Danger of Selling Used Storage Devices