You may have read this morning about a reported potential vulnerability in some Wi-Fi networks, known as KRACKs. Our first analysis indicates that via KRACKs, an attacker within range of a device could potentially intercept, decrypt and read data that has supposedly been securely transmitted over a ‘protected’ Wi-Fi network. In some cases, the attacker
Our advice on the KRACKS Wi-Fi vulnerability Read More »
Another day, another data breach and yet another apology. After hackers stole private data of Equifax’s 143 million customers (including data from 400,000 UK residents), their new CEO Paulino do Rego Barros Jr, wrote an open letter that was published by the Wall Street Journal on 27 September. “On behalf of Equifax, I want to express my sincere
Don’t use the Equifax example: How you SHOULD communicate a data breach Read More »
It’s not easy to admit to getting it wrong, but that’s what Bill Burr did in a recent interview with the Wall Street Journal. Back in 2003, as an advisor for the American National Institute of Standards and Technology (NIST), Burr recommended irregular capitalisation, special characters and numerals in our passwords; such as wHyWeN3edP4s5w0rd5. Burr
Expert admits that his password advice was wrong. So how should you choose a password? Read More »
A significant email-spam campaign has been observed over the past two days, distributing two new variants of the ‘Locky’ ransomware. At this stage the 2-sec team believes the ransomware to be similar to most other ransomware programs, in that it will encrypt files after a machine has been infected. This alert has been issued by
New Ransomware alert: Diablo6 and Mamba Read More »
Alexander Drabek is part of our team of expert penetration testers; who “ethically hack” into client’s networks and find any potential weaknesses. We asked him exactly what it is he does, and how he does it. What skills do you need to become a penetration tester? Many people think penetration testers are highly obsessive and
A day in the life of a 2-sec penetration tester Read More »
Ever had days when you feel like time is standing still, and you spend most of the day staring at the clock? Us too. Especially in my first “proper” job working as a lowly BT data entry “administrator” in the early 1990s. (It paid just enough for the occasional curry and weekend pint). Nowadays I’m
Bored and distracted employees are your biggest security risk Read More »
An interesting external penetration test was recently performed by our expert team, that resulted in discovery of a new vulnerability (CVE-2017-9553) in a popular Synology NAS device. A NAS (Network Attached Storage) device is a storage mechanism connected to a network that allows storage and retrieval of data from a centralized location for authorized network
2-sec’s expert team uncovers new vulnerability in popular Synology NAS device Read More »
Only a month after WannaCry, a new malware attack is spreading like wildfire across Europe, India, Russia and is definitely heading towards America. A variant of the Petya/Petrwrap malware virus has already affected companies in Spain, France and the UK. Symantec has confirmed the ransomware is using EternalBlue, the same exploit as last month’s WannaCry
CIFAS, the Fraud Prevention organisation, has revealed that numbers of young identity fraud victims (those aged 30 and under) have increased by a staggering 52% since 2015. The survey also revealed that 50% of the young people surveyed believed they would never fall for an online scam. Why are young people so blasé about identity
Why are young people failing to protect themselves against identity fraud? Read More »
