Password Security

Risk of re-use: Password Security

This week is an ideal time to provide some insight and context for those who re-use the same password across multiple websites and services. We’ve touched on this topic previously, but a more thorough explanation may help you re-evaluate your existing password security. The risk with re-using passwords isn’t limited to the strength of the[…]

Covid-19

Security Attacks on COVID-19 research facilities

We’re seeing a substantial increase in the number of attacks against the COVID-19 supply chain, with a significant focus placed on those producing vaccines. A recent report by the UK National Cyber Security Centre (NCSC) provides advisories on identifying and mitigating the attack vectors used to compromise systems for data exfiltration. Investigation by NCSC and[…]

Development pipelines

Integrating Security into your Development Pipelines

Implementing security into an already established and successful development pipeline can be both difficult and intensive. However, ensuring that product delivery also encompasses security through relevant testing is vital for continuous improvement. Our article this week will focus on how you can begin to review and implement security testing into your development pipelines, and how[…]

Security in your Software Development Lifecycle

Your software development lifecycle likely includes some form of Quality Assurance testing. QA testing is an excellent strategy to demonstrate that your application works as intended and meets all the key requirements your client has specified. Implementing security into your development lifecycle can seem daunting. However, secure design, assurance to your client and improved reputation are invaluable payoffs.[…]

Botnets, Credential Stuffing and mitigation

Dark_Nexus Botnet: BitDefender researchers have recently identified a new botnet, dubbed “dark_nexus”. This botnet is similar to the Mirai botnet from back in 2016, but instead targets IoT devices to perform distributed denial of service (DDoS) attacks. This botnet grows primarily by using credential stuffing attacks against different types of devices such as routers, video[…]

Confidentiality, Availability and Integrity

Confidentiality, availability and integrity, known as the CIA triad, are considered the most crucial parts of security. Confidentiality is the assurance that information is not disclosed to unauthorised individuals, processes or devices, while making sure authorised personnel can access it. The confidentiality of data can be maintained by utilising strong, complex passwords, two-factor authentication and[…]

Event logs

Event logs are detailed records containing information about what occurred on a device. A log entry is created for every event and application notification on a device within the network, and entries are often categorised with a severity level ranging from information through to critical. Windows event logs can be utilised by the network administrators[…]