I saw this picture somewhere on social media of these many locks securing the bolt. However, upon closer inspection, you can see that by simply removing any one of the locks, you unlock the whole thing. I hope you'll allow me the opportunity of dragging this out into a cybersecurity analogy. But, sometimes the sheer … Continue reading Security Through Complexity
In Japan, someone registered a trademark for CUGGL as a clothing brand in Japan. GUCCI tried to sue for copyright, but the Japan trademark office stated that CUGGL is not similar enough to GUCCI to warrant enforcement. Well, maybe not in the written word, but what do you think about the partially obscured logo? I … Continue reading GUCCI vs CUGGL
Lloyds of London has told its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels or risk. Hmm so where do we begin to unpack this one? Attribution is never easy, even in the best of times. So who will decide whether an attack is a … Continue reading Lloyd’s to end insurance coverage for state cyber attacks
Twilio was recently compromised after a couple of employees handed over their credentials to an attacker. The unsuspecting employees were targeted by a Smishing attack in which they received a text message on their phone saying their passwords had expired and they needed to re-authenticate. A useful link was provided which took the employees to … Continue reading Twilio smished – SMS is the new achilles heel
Group-IB have published a very well researched report on fake investment scams in Europe The scam follows a well-established set of steps:1. The bogus come-on is published on social media.2. The victim is taken to a phony investment website.3. The victim enters personal information in a form on the scam site.4. A call center contacts … Continue reading Get rich in Europe for €250 (or lose it all and your personal data)
I saw this post on linkedin and was part disgusted, but also slightly admired the professionalism and thought that went into this scam. An unsuspecting victim was sent a USB drive that for all intents and purposes looked like it came from Microsoft. The packaging and logo all looks legit. This is where people's biases … Continue reading Microsoft sent you a USB stick – what would you do?
Some interesting research from Malwarebytes Labs. The first was around verified Twitter accounts receiving direct messages apparently from Twitter which claimed their accounts had been flagged for hate speech. They would then be redirected to a fake Twitter help centre to input their login credentials. The second was a Discord phishing campaign where people would recieve … Continue reading Verified Twitter accounts phished via hate speech!
We see many discussions these days around deep fakes and how AI will be able to create content that the human eye cannot spot as being fake, leading us to be easily manipulated. However, the reality is that people can be fooled far more easily. The BBC reports that a fake IPL Cricket match was … Continue reading Fake cricket, real betting – story of a not so deep fake
BMW, a brand known for its amazing cars, a model for everyone - built with the infamous German engineering and now offering a whole bunch of options as a monthly subscription. In some ways it makes sense. Streamline your production and build each and every car with the exact same hardware, but then limit options … Continue reading BMW charging an $18 subscription for heated seats
The Rolling Pwn vulnerability can be used against some keyless Honda's to unlock, start and drive off. It allows you to eavesdrop on a remote key fob from about 100 feet away (which for my American friends is the distance from pitchers mount to the outfield grass). On Twitter, @RobDrivesCars replicated the bug in a nice video … Continue reading Rolling Pwn lets you drive a Honda without the keys!￼