Lloyd’s to end insurance coverage for state cyber attacks

Lloyds of London has told its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels or risk. Hmm so where do we begin to unpack this one? Attribution is never easy, even in the best of times. So who will decide whether an attack is a … Continue reading Lloyd’s to end insurance coverage for state cyber attacks →

Twilio smished – SMS is the new achilles heel

Twilio was recently compromised after a couple of employees handed over their credentials to an attacker. The unsuspecting employees were targeted by a Smishing attack in which they received a text message on their phone saying their passwords had expired and they needed to re-authenticate. A useful link was provided which took the employees to … Continue reading Twilio smished – SMS is the new achilles heel →

Get rich in Europe for €250 (or lose it all and your personal data)

Group-IB have published a very well researched report on fake investment scams in Europe The scam follows a well-established set of steps:1. The bogus come-on is published on social media.2. The victim is taken to a phony investment website.3. The victim enters personal information in a form on the scam site.4. A call center contacts … Continue reading Get rich in Europe for €250 (or lose it all and your personal data) →

Microsoft sent you a USB stick – what would you do?

I saw this post on linkedin and was part disgusted, but also slightly admired the professionalism and thought that went into this scam. An unsuspecting victim was sent a USB drive that for all intents and purposes looked like it came from Microsoft. The packaging and logo all looks legit. This is where people's biases … Continue reading Microsoft sent you a USB stick – what would you do? →

Honey Trapping Baddies (or just nosey people)

I was recently reminded of this headline from a few years ago where a couple left their bikes unlocked to lure thieves and then proceeded to beat them up with baseball bats. I don't advocate violence, and nor do I approve of vigilante behaviour. But police around the world use this trick all the time. … Continue reading Honey Trapping Baddies (or just nosey people) →

Verified Twitter accounts phished via hate speech!

Some interesting research from Malwarebytes Labs. The first was around verified Twitter accounts receiving direct messages apparently from Twitter which claimed their accounts had been flagged for hate speech. They would then be redirected to a fake Twitter help centre to input their login credentials. The second was a Discord phishing campaign where people would recieve … Continue reading Verified Twitter accounts phished via hate speech! →

Fake cricket, real betting – story of a not so deep fake

We see many discussions these days around deep fakes and how AI will be able to create content that the human eye cannot spot as being fake, leading us to be easily manipulated. However, the reality is that people can be fooled far more easily. The BBC reports that a fake IPL Cricket match was … Continue reading Fake cricket, real betting – story of a not so deep fake →

Smart thermostats, Rabbits, and TV Pickup

In a paper titled Unintended consequences of smart thermostats in the transition to electrified heating, researchers discovered that most people don't bother changing the default heating times on these thermostats. As a result at 6am, the strain on the electricity grid peaks as every thermostat clicks on. Akin to launching an inadvertent DDoS attack. Of … Continue reading Smart thermostats, Rabbits, and TV Pickup →

BMW charging an $18 subscription for heated seats

BMW, a brand known for its amazing cars, a model for everyone - built with the infamous German engineering and now offering a whole bunch of options as a monthly subscription. In some ways it makes sense. Streamline your production and build each and every car with the exact same hardware, but then limit options … Continue reading BMW charging an $18 subscription for heated seats →

Rolling Pwn lets you drive a Honda without the keys!

The Rolling Pwn vulnerability can be used against some keyless Honda's to unlock, start and drive off. It allows you to eavesdrop on a remote key fob from about 100 feet away (which for my American friends is the distance from pitchers mount to the outfield grass). On Twitter, @RobDrivesCars replicated the bug in a nice video … Continue reading Rolling Pwn lets you drive a Honda without the keys! →