It’s time for your SQL Injection, now hold still you’re going to feel a sharp scratch… If your business has a website, and I suspect it does, then the chances are that, behind-the-scenes, it uses a programming language called Structured Query Language (SQL) to manipulate and retrieve data stored in databases. Now when I say […]
Secure your site against SQL Injection! Read More »
So, criminals are SMiShing phones now! Don’t be fooled by the daft sounding name, this is an attack right where many are very, very vulnerable. You see, we’ve been barking on at you all for years now about not clicking anything in, or replying to, emails unless you are certain of their authenticity. By now
SMiShing is happening right now. Watch out! Read More »
Coming soon to cinemas everywhere In years to come I’m almost positive that we can expect a film adaptation of certain recent events. Like a weird mash up perhaps of The Social Network (2010), The Matrix (1999), Hackers (1995), and.. I don’t know.. Welcome to Macintosh (yes that’s a real film too, made in 2008)
Apple to give FBI backdoor to the iPhone… Read More »
Would you believe them, if you received an email or phone call from someone making that claim? What if they were really, really convincing? Probably not, but what if they appeared to be your boss, or your boss’s boss, and asked you to do something that was, basically, your job? Unbelievably, within hours of agreeing
CEO Fraud – “This is the President speaking.” Read More »
You can almost feel it happening, can’t you? Every time there is an introduction of, or a change to some regulation or another, the vultures of the legal, security consulting, and even security product vendors spin up their marketing machines to invent new promises on how they will ‘guide you through the pending minefield’. The
Privacy Shield (ex. Safe Harbor), Here Come the Vultures! Read More »
The term ‘ransomware’ refers to a type of malware that’s purpose is to infect a victim’s technology and then extort money from them by holding it hostage, demanding the purchase of an unlock code or antidote in order to restore access. The ransomware will often display a message pretending to be some form of law
Hand over the BitCoin if you ever want to see your precious Data again… Read More »
I’ve been busy assessing a Microsoft Azure environment as of late, for PCI DSS purposes. So. I go here to download their AoC: https://azure.microsoft.com/en-gb/support/trust-center/compliance/pci-dss/ The date of the AoC is December 31, 2014, and a number of requirements have been “Not Tested”, identified as “N/A” and Compensating Controls have been applied. I guess that’s fair
Is Microsoft Azure PCI DSS Compliant? Lessons in due diligence…. Read More »
We are very excited to announce a new service, that delivers on-demand penetration testing, as and when you need it. There will be no call with a sales guy, no time wasted with phone calls and meetings – you simply enter your details, pick a testing date, and you leave the rest to us. With
2-sec Introduces Penetration Testing On-Demand Read More »
BACKGROUND The Italian based company Hacking Team (that sells surveillance software tools to government agencies and private companies), experienced a data breach last weekend which led to the alleged theft of 400GB of corporate data. The data contained financial information, customer contact details and apparently the source code of
The Hacking Team Breach: 2-sec’s Reaction to the Attack Read More »
