Alexander Drabek is part of our team of expert penetration testers; who “ethically hack” into client’s networks and find any potential weaknesses. We asked him exactly what it is he does, and how he does it. What skills do you need to become a penetration tester? Many people think penetration testers are highly obsessive and […]
A day in the life of a 2-sec penetration tester Read More »
Ever had days when you feel like time is standing still, and you spend most of the day staring at the clock? Us too. Especially in my first “proper” job working as a lowly BT data entry “administrator” in the early 1990s. (It paid just enough for the occasional curry and weekend pint). Nowadays I’m
Bored and distracted employees are your biggest security risk Read More »
An interesting external penetration test was recently performed by our expert team, that resulted in discovery of a new vulnerability (CVE-2017-9553) in a popular Synology NAS device. A NAS (Network Attached Storage) device is a storage mechanism connected to a network that allows storage and retrieval of data from a centralized location for authorized network
2-sec’s expert team uncovers new vulnerability in popular Synology NAS device Read More »
CIFAS, the Fraud Prevention organisation, has revealed that numbers of young identity fraud victims (those aged 30 and under) have increased by a staggering 52% since 2015. The survey also revealed that 50% of the young people surveyed believed they would never fall for an online scam. Why are young people so blasé about identity
Why are young people failing to protect themselves against identity fraud? Read More »
Imagine that a business wanted to outsource a particular business function, but no one on the Board of Directors had sufficient tech expertise to grasp why this might cause security issues.Investing in an upgraded network with a centralised administrator responsible for granting permission levels would resolve the problem, but the Board is reluctant to invest
Does your board need a technical expert? Read More »
Ransomware has been a recognised issue for some time, however to date, perhaps only one or two systems in a company might have become infected by the wayward clicks of a bored receptionist. Ransomware has rarely been a business-critical issue. Wanna Cry changed that. Not only did it infect single machines, as classic ransomware does,
Wanna Cry. Our analysis. Read More »
Google users appear to have been the latest victims of the most recent phishing attack, this time through their file sharing Google Docs service. Victims were sent a sinister email disguised as a fraudulent invitation to edit a Google Doc that appears to come from one of their contacts. The subject line reads “[Contact name]
Remember that $100 million whaling scam? Read More »
On March 7th, WikiLeaks published a catalogue of documents containing details of secret hacking tools used by the CIA. They called this information “Vault 7” and have promised the leak is just a small part of a much bigger cache of data, which they will release shortly. The documents date from 2013 to 2016 and
The Vault 7 leak – am I a CIA target? Read More »
We sometimes suffer from deja-vu here in the 2-sec office. Whilst rifling through dusty filing cabinets in our annual spring clean, we rediscovered an article from the last quarter of 2016. The article was headlined with the title, “UK SMEs have a False Sense of Cyber Security”. We had to re-examine the story to check
How will GDPR affect small business owners? Read More »
