While average ransomware claims are much higher, the report warned that vectors like BEC could deliver “death by a thousand cuts”

Read More

In its Top 10 Malware list for October 2022, the MS-ISAC observed the return of Gh0st and Snugy and the debut of SessionManager2.

Read More

This is a really interesting paper that discusses what the authors call the Decoupling Principle:

The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they need to perform their relevant function. Architectural decoupling entails splitting functionality for different fundamental actions in a system, such as decoupling authentication (proving who is allowed to use the network) from connectivity (establishing session state for communicating). Institutional decoupling entails splitting what information remains between non-colluding entities, such as distinct companies or network operators, or between a user and network peers. This decoupling makes service providers individually breach-proof, as they each have little or no sensitive data that can be lost to hackers. Put simply, the Decoupling Principle suggests always separating who you are from what you do.

Lots of interesting details in the paper.

Read More

Almost a third (30%) of applications used by Defra are unsupported, a report from the National Audit Office has revealed

Read More