I had an unusual experience when using an Integral Crypto FIPS 197 device on a new laptop. This particular device uses TotalLock.exe on a read-only CDFS partition to enter the decryption key (password) to mount a hidden partition.

When I went to access the device, i.e. run TotalLock.exe

On Security

Round up of Information and Cyber Security news from the 5th of December to the 11th December.

Photo by Austin Distel on Unsplash

Hiding Malware in Share Buttons

Some creative individuals have found a way of hiding card skimming malware in the sharing buttons used on various websites. A timely reminder to know what 3rd parties you us and what they might be vulnerable to.

Google, Adobe, Valve and Microsoft Patches

Both Google and Microsoft emitted a slew of updates in the last week…

Photo by Daniel Stub on Unsplash

Mouse

I bought a Razer Basilisk V2 when it was on Cyber Weekend deals on Amazon; paid £32 for it, which is pretty good for fairly decent mouse, I see plenty of people using Zowie Mice which either means they are sponsored by BenQ/Zowie or they are really the best mice…

Round up of Information and Cyber Security news from the 28th of November to the 4th December.

Photo by seth schulte on Unsplash

Threat Hunting with JARM

SANS comes through with an article on using JARM to hunt threats; this is an area I have started getting interested in given the increased threat landscape we find ourselves in.

If you know code is vulnerable, would you ship it?

Dark Reading goes into some detail on the critical factors why vulnerable code is shipped in the first place.

COVID-19 Drives Infosec in 2020 and beyond

On Security

Round up of Information and Cyber Security news from the 21st of November to the 27th November.

Photo by Marcin Kempa on Unsplash

Proactive Security and Threat Modeling

Manifestos have become a mainstay of information technology with everyone publishing a manifesto articulating the what a group of people subscribe to; generally of the form “we prefer this, over that”.

On Security

Round up of Information and Cyber Security news from the 14th of November to the 20th November.

Photo by Efe Kurnaz on Unsplash

I’ll just sneak this into your in-tray

Crafty sellers on the dark web have found a way to sneak e-mails into your inbox without sending them across the internet. This renders tools like Mimecast ineffective against this kind of attack; all is not lost however as the user would need to be phished before this could work.

On Security

Round up of Information and Cyber Security news from the 7th of November to the 13th November.

Photo by Andrey Trusov on Unsplash

Victim Blaming in Information Security

Starting off this week on a low note, in my opinion, is the disturbing revelation that in 2020 we still think shaming people is an effective strategy to defend against phishing attacks. …

On Security

Round up of Information and Cyber Security news from the 31st of October to the 6th November.

ENIGMA machine in a display case.
Photo by Mauro Sbicego on Unsplash

I was due to be going away this weekend so I had planned to delay publishing this until Monday; however due to a new national lockdown in the UK, I am no longer able to travel. …

On Security

Round up of Information and Cyber Security news for Week 44 of 2020.

Photo by marcos mayer on Unsplash

IT moves to a zero-trust, decentralised model (Saturday)

Looks like Google were on the right track with BeyondCorp as Coronavirus has very succinctly put the “impenetrable border” approach to IT Security on notice. …

Photo by David von Diemar on Unsplash

On Security

Chrome bugs on small screens, ethics, cloud application and sooty.

Cyber-villains Targeting Office 365 and G-Suite users (Monday)

Given the impacts of COVID-19 and Working from Home a necessity for many in the industry; cyber attacks this week have leveraged vulnerabilities in well known brands including the RAC. The article has good advice for Security and Operations teams to configure their mail-filters appropriately:

Tesla AutoPilot can be tricked with subliminal messages (Monday)

A couple of frames in…

Richard Slater

Christian, geek, consultant and leader with a passion for DevOps, Cloud and InfoSec. Writes because of writing help me think, and thinking helps me write.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store