Information leaks are becoming more covert, from government methods up to the bad guys. Often they are only found after a mistake is made and all hell breaks loose as people jump in looking for the who, what and where of the leaks. We may only hear about it afterwards, when a huge data dump occurs after a long creep around a victim’s network yields a bounty for the hacker, but even so, they don’t necessarily apply to the big boys. All this malware wrapped up in the fake or spam email we see every single day can so easily let them in. Talking recently with friends who underwent a pentest, I found, and this surprised me, that it was the management who seemed the most guilty of falling for a spearphishing email; the lower-level staff actually asked whether their email was valid.

Perhaps this difference is due to the fear that the lower-level staff would get the sack if they were the ones to let the hackers in, and so they are more cautious? Maybe. Keep an eye on all suspicious and out-of-context email or conversations (social engineering). You just never know. Oh, and don’t go plugging in any USB sticks you happen to find in the street – so many do.


Weekly Cyber Security News 02/09/2016