|
Computing Security Awards
|
|
The 2019 Computing Security Awards, which took place at the Leonardo Royal Hotel, London City by Tower Bridge, were a huge success, with this packed-out prestige venue seeing the achievements of the industry’s top organisations and individuals rightly celebrated. To see who won what – and lap up the atmosphere of a truly gala occasion : https://www.computingsecurityawards.co.uk
| |
|
Industry Insight
|
Bring your devices, not your problems
When staff bring their own devices into work, security can be greatly compromised. Rob Allen, director of marketing & technical services, Kingston Technology Europe, looks at how to meet this challenge |  |
|
Editor's Focus
|
Ransomware strikes entire cities
Governments and healthcare organisations have now become key targets in an increasingly aggressive campaign of ransomware attack |  |
|
Master Class
|
Understanding Data Loss Protection
Steve Watts, CEO of SecurEnvoy, A Shearwater Group plc Company, offers his insights on how the ideal DLP solution can protect all categories of valuable data |  |
Put to the test
The rise of biometrics has brought a rise in hackers trying to fool the system, using spoofs or fake biometrics. Could compulsory standardised testing be the answer? |  |
|
Force United
|
Joining forces in fightback
Email and data security company Mimecast has launched a Cyber Alliance Program designed to align security vendors into an extensive cyber resilience ecosystem |  |
Winning ways
When the UK's largest commercial FTSE 100 property company went in search of a technology partner to deliver at the highest level, it turned to OryxAlign |
 |
|
Upsides and Downsides
|
Riding the learning curve
Artificial Intelligence (AI) applies Machine Learning (ML), deep learning and other techniques to solve actual problems. But there are downsides, too
|
 |
Smoke - with lots of fire!
When a ransomware attack takes place, losses can be measured in millions of dollars and thousands of hours of remediation work. Yet relatively simple measures can prevent most of these
|
 |
|
Product Review
|
Libraesva Email Archiver
Libraesva has a strong pedigree in the email security market and our independent review says that its latest Email Archiver comes up trumps
|
 |
SecurEnvoy SecureIdentity DLP
SecurEnvoy, a pioneer in the field of multi-factor authentication (MFA), has turned this expertise to identity, access and data security management – to great effect
|
 |
edgescan
Deployed as a SaaS (software as a Service) solution, edgescan delivers an innovative 'bionic' defence that powerfully combines machine automation with human intelligence
|
 |
|
|
Welcome to the November 2019 issue of the Computing Security Newsletter.
We’ve long come to recognise that no one is safe from attacks on line and that there are no boundaries beyond which perpetrators will not go. So, it wasn’t at all surprising when an ongoing phishing campaign recently targeted the United Nations and several humanitarian aid organisations, including UNICEF and UN World Food using landing pages impersonating legitimate Microsoft Office 365 login pages.
The campaign has been actively launching attacks since March 2019, according to researchers at Lookout Phishing AI, with the two domains used to host the phishing toolkits and related content being associated with an IP network block and an ASN (Autonomous System Number) that were also used by threat actors to deliver malware in the past.
Among other beleaguered organisations in this phishing campaign, the attackers attempted to steal user credentials from the United Nations Development Programme, the Heritage Foundation, the International Federation of the Red Cross and Red Crescent Societies, and the United States Institute of Peace.
The attackers also use SSL certificates to further increase the illusion that their landing pages are legitimate Microsoft Office 365 login pages. Out of all the certificates used so far in this campaign, the researchers found that only six of them were still valid until mid or late November, a possible clue pointing to the attacks that are still active.
"All major browsers will alert users about the use of expired SSL certificates. As these warnings are very clear (and in fact often hard to dismiss) it would be near impossible to entice a user to enter their login credentials on a site that uses an expired certificate," Lookout says. "As a result, expired SSL certificates observed on some of the phishing sites can provide insight into the time period of the attack."
To make sure you get your copy of the Newsletter emailed to you personally, every time, click here to register.
Brian Wall, Editor
Computing Security
Follow us :
|
|
