Information Security is complex. Understanding risk and implementing appropriate mitigating controls, be they technical or otherwise, is a challenge for organisations of any size. There is no getting away from that, but witchcraft?
by Dr. Grigorios Fragkos, VP Cybersecurity
At the beginning of 2016 we warned our readers about the increasing threat of ransomware and provided advice on having an incident response plan that is ready to face this emerging threat. Our article focused on tips related to prevention, response and evading extortion. If you did not have […]
by Natasja Bolton, Acquirer Support Manager, Risk and Assurance Division
In part 1 last week, I discussed how businesses may be putting themselves at risk by assuming that ‘PCI DSS compliant’ also meant secure (for part 1 please click here). Maybe what we should be doing is encouraging businesses to focus less on compliance as an annual […]
by Dr. Grigorios Fragkos, Senior Information Security Consultant, SysnetLabs
It is not the first time a military term is being used by the Information Security community in order to describe an Information Assurance process. Operations Security (OPSEC) is a military term referring to the protection of different types of unclassified information which could end up […]
The Logjam attack, a vulnerability that affects a number of major protocols, has been discovered. The bug relates to a weakness within a cryptographic algorithm that is used in most protocols (such as HTTPS, SSH, IPsec, SMTPS, etc.); it is possible for a Man-in-the-Middle (MitM) attacker to read and modify any data passed over the affected encrypted communication. A […]