I love myself a good Security BSides, and I've never been to Tallin in Estonia. So when I saw the CFP was open I submitted and was delighted to be selected. View of Riga, Latvia Unable to find a reliable direct flight to Tallin, and horrendously long connecting flights - I opted for the scenic … Continue reading BSides Tallinn 2022
I'm filing this one under I'm a bit cynical about it. According to this story there have been a bunch of people who have paid to have their fingerprints surgically altered. Some of the people were workers in Kuwait who had been deported for criminal activity. By having their fingerprints altered, and a new identity created … Continue reading Fingerprints are awesome, until they’re not
In Japan, someone registered a trademark for CUGGL as a clothing brand in Japan. GUCCI tried to sue for copyright, but the Japan trademark office stated that CUGGL is not similar enough to GUCCI to warrant enforcement. Well, maybe not in the written word, but what do you think about the partially obscured logo? I … Continue reading GUCCI vs CUGGL
Lloyds of London has told its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels or risk. Hmm so where do we begin to unpack this one? Attribution is never easy, even in the best of times. So who will decide whether an attack is a … Continue reading Lloyd’s to end insurance coverage for state cyber attacks
Twilio was recently compromised after a couple of employees handed over their credentials to an attacker. The unsuspecting employees were targeted by a Smishing attack in which they received a text message on their phone saying their passwords had expired and they needed to re-authenticate. A useful link was provided which took the employees to … Continue reading Twilio smished – SMS is the new achilles heel
Group-IB have published a very well researched report on fake investment scams in Europe The scam follows a well-established set of steps:1. The bogus come-on is published on social media.2. The victim is taken to a phony investment website.3. The victim enters personal information in a form on the scam site.4. A call center contacts … Continue reading Get rich in Europe for €250 (or lose it all and your personal data)
I saw this post on linkedin and was part disgusted, but also slightly admired the professionalism and thought that went into this scam. An unsuspecting victim was sent a USB drive that for all intents and purposes looked like it came from Microsoft. The packaging and logo all looks legit. This is where people's biases … Continue reading Microsoft sent you a USB stick – what would you do?
I was recently reminded of this headline from a few years ago where a couple left their bikes unlocked to lure thieves and then proceeded to beat them up with baseball bats. I don't advocate violence, and nor do I approve of vigilante behaviour. But police around the world use this trick all the time. … Continue reading Honey Trapping Baddies (or just nosey people)
Some interesting research from Malwarebytes Labs. The first was around verified Twitter accounts receiving direct messages apparently from Twitter which claimed their accounts had been flagged for hate speech. They would then be redirected to a fake Twitter help centre to input their login credentials. The second was a Discord phishing campaign where people would recieve … Continue reading Verified Twitter accounts phished via hate speech!
We see many discussions these days around deep fakes and how AI will be able to create content that the human eye cannot spot as being fake, leading us to be easily manipulated. However, the reality is that people can be fooled far more easily. The BBC reports that a fake IPL Cricket match was … Continue reading Fake cricket, real betting – story of a not so deep fake