security

IoT

IoT Devices That make Security Pros Cringe

Just your average information security researcher from Delaware US.

In cybersecurity, if it isn’t one thing, it’s another 14.4 billion things that’ll get ya. That’s about how many Internet of Things (IoT) devices will proliferate globally by the end of the year, according to some analyst estimates. As a body, this is arguably one of the most rapidly spreading and poorly secured threat surfaces …

IoT Devices That make Security Pros Cringe Read More »

cve-2022-38970

ieGeek Security Vulnerabilities still prevalent in 2022 IG20

Connect
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
RiSec.n0tst3
Connect

Amazon’s “highly rated”, “recommended” ieGeek brand continues to present a number of security vulnerabilities. ieGeek Security Vulnerabilities On the 19th of Aug 2022 I set out to purchase a CCTV Camera from Amazon, I read over the reviews of the ieGeek IG20, and it seemed great, the value too. For just £29.99 I’d get myself …

ieGeek Security Vulnerabilities still prevalent in 2022 IG20 Read More »

security

APISec: Broken access controls, injection attacks plague the enterprise security landscape in 2022

Just your average information security researcher from Delaware US.

API-related security vulnerabilities continue to be a thorn in the side of organizations, with access control flaws now associated with high-severity CVEs. According to a new whitepaper published by API security firm Wallarm, titled ‘API vulnerabilities discovered and exploited in Q1-2022’, a total of 48 API-related vulnerabilities were found and reported in the first quarter. Based …

APISec: Broken access controls, injection attacks plague the enterprise security landscape in 2022 Read More »

cybersecurity news

Comparing Twilio and Slack breach responses

Just your average information security researcher from Delaware US.

We recently learned about major security breaches at two tech companies, Twilio and Slack. The manner in which these two organizations responded is instructive, and since both of them published statements explaining what happened, it’s interesting to observe the differences in their communication. How did Twilio respond to its recent breach? Out of the two companies affected by …

Comparing Twilio and Slack breach responses Read More »

CyberSecurity

New Traffic Light Protocol (TLP) standard released after five years

Connect
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
RiSec.n0tst3
Connect

The Forum of Incident Response and Security Teams (FIRST) has published TLP 2.0, a new version of its Traffic Light Protocol (TLP) standard, five years after the release of the initial version. The TLP standard is used in the computer security incident response team (CSIRT) community to facilitate the greater sharing of sensitive information. It also indicates …

New Traffic Light Protocol (TLP) standard released after five years Read More »

Targeted attacks on industrial enterprises and public institutions

Targeted attacks on industrial enterprises and public institutions

Just your average information security researcher from Delaware US.

In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military-industrial complex enterprises and public institutions in several countries. In the course of our research, we were able to identify over a dozen of attacked organizations. The attack targeted industrial plants, design bureaus and research institutes, government agencies, ministries and departments …

Targeted attacks on industrial enterprises and public institutions Read More »

DDoS

Akamai: We stopped record DDoS attack in Europe

Just your average information security researcher from Delaware US.

A ‘sophisticated, global botnet’ held an Eastern European biz under siege over 30 days Akamai Technologies squelched the largest-ever distributed denial-of-service (DDoS) attack in Europe earlier this month against a company that was being consistently hammered over a 30-day period. According to the cybersecurity and cloud services vendor, the height of the attack hit on …

Akamai: We stopped record DDoS attack in Europe Read More »

Many wireless peripherals are vulnerable to a range of attacks, here's an example!

Many wireless peripherals are vulnerable to a range of attacks, here’s an example!

Just your average information security researcher from Delaware US.

Wireless peripherals and computer accessories offer mess-free convenience in the workspace, allowing users to move keyboards and mice to a more comfortable or visually pleasing position or to switch between computers at the press of a button. However, unlike other types of USB devices that IT departments vet – such as USB flash drives, card …

Many wireless peripherals are vulnerable to a range of attacks, here’s an example! Read More »

NSA

NSA Publishes Top Practices for Improving Network Defenses

Connect
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
RiSec.n0tst3
Connect

The National Security Agency (NSA) this week published a set of best practices for organizations looking to improve the overall security of their networks The guidance is meant to be generic, applicable to a broad range of network devices, and should help administrators prevent adversaries from exploiting their networks. According to the NSA, organizations looking …

NSA Publishes Top Practices for Improving Network Defenses Read More »

U.S. Gov Issues Stark Warning

U.S. Gov Issues Stark Warning, Calling Firmware Security a ‘Single Point of Failure’

Connect
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
RiSec.n0tst3
Connect

U.S. government warns that firmware presents “a large and ever-expanding attack surface.” The U.S. government, at the very highest levels, is calling attention to major weaknesses in the firmware supply chain, warning that the layer below the operating system is fertile ground for devastating hacker attacks. A new joint draft report issued by leadership of the U.S. …

U.S. Gov Issues Stark Warning, Calling Firmware Security a ‘Single Point of Failure’ Read More »