Categories : Business | Security

Worm phishing campaign is a game-changer in password theft & account takeovers

A phishing attack taking place against an organization has revealed a crafty method to bounce between victims in a way deemed "ingenious" by a researcher.  On September 29, cybersecurity architect and bug bounty hunter Craig Hays outlined a recent phishing attempt which went far beyond the usual spray-and-pray tactics and basic attempts to compromise a network, to become "the greatest password theft he had ever seen."   In a Medium blog post, Hays detailed how a response team...

read more

Does using SSL make my website secure?

The short answer to the question, does using SSL make my website secure is NO, but it is important to understand why and what SSL actually does, so read on. The biggest misconception by website owners is that an SSL certificate will make their website secure from hackers and malware, which is not true. This stems from a lack of understand about what makes a website secure versus not secure. For example, since July 24th 2018, websites that do not use SSL certificates were marked “Not Secure” in...

read more

Beware NCA National Insurance Scam

NCA National Insurance Scam Just got another new scam call today, this time claiming to be from the NCA. This one is a recorded message claiming to be from the national crime agency (NCA) and stating that they have detected some illegal activity on my name and national insurance number and need to cancel my national insurance number, press 1 to speak to an agent. This NCA National Insurance Scam is just one of many scams where fraudsters are posing as National Crime Agency officers over the...

read more

Your security questions/answers are not secure

We all know we should create secure passwords. But, for all the time we spend worrying about our passwords, there’s a backdoor you never think about. The security questions/answers that you provide to get back into your account if you lose your password are usually easy to guess or find out in order to bypass your passwords. Thankfully, many services are realizing security questions are very insecure and axing them. Google and Microsoft no longer offer security questions for their accounts —...

read more

What is spear phishing and how to avoid it.

We have all heard by now of the term phishing and how it works, where a generic email is sent with an encrypted URL or attachment and when it’s clicked “BOOM”… you have been caught. But, over the last few years we have seen a significant rise in spear phishing. Spear phishing is technically the same but with a more direct and targeted approach. The hackers will spend time looking into an individual or a small group of people’s own lives, interests and job role and create an email...

read more

10 tips for securely working from home

10 tips for securely working from home Working from home has now become a requirement for most office workers due to the corona virus pandemic, which has required companies to close their offices to keep their staff isolated. Many companies are also making the decision to maintain this working environment even after the pandemic. Unfortunately those unscrupulous cyber criminals are also taking advantage of this situation and are actively targeting home workers, knowing full well that their...

read more

How to create multiple profiles on Google Chrome

Google Chrome is the most widely used browser in the world, so there is a good chance you are using this as your main browser. What you probably didn’t know is that you can create multiple profiles. It is a good idea to do this if you share your device with other people (kids, family) without the need to create a new Windows user account. Also, the ability to use multiple profiles can come in handy if you use your PC for both work and personal use and need to keep everything separate. This...

read more

Lets Encrypt vs Paid SSL Certificates

In an age where internet security is more important than ever, it’s vital to let people know that your site is safe to use. A Secure Sockets Layer (SSL) certificate is a type of website encryption key that encrypts data between the visitor's browser and the server. Fortunately, there are many different SSL options you can use. Let’s Encrypt is a free and open-source Certificate Authority (CA) that offers SSL certificates to anyone who has a domain name. Paid SSLs offer the...

read more

cURL error 60: SSL certificate problem: unable to get local issuer certificate

I have had this "cURL error 60: SSL certificate problem: unable to get local issuer certificate" error occur a few times now on my Windows server with my WHMCS installations. It primarily has affected payment gateways which are using curl to communicate, which in my case was Go Cardless. Not being a PHP developer, I always tend to forget the cause of the problem when it crops up, so hopefully, this will serve as a reminder to myself as well 🙂 The reason for this error is that curl needs a...

read more

How to Prevent Bypassing CloudFlare

Cloudflare is a free DNS proxy service and has become the ubiquitous solution for any small website/business (as well as hackers, warez, porn or any controversial blogger sites) that want to hide their IP address and by extension, their hosting provider by hiding behind a proxy server. In addition to the anonymising proxy service, it also has a bunch of neat caching, website performance and security features and DDOS protection too which can be a super-easy way to improve the performance and...

read more

Subscribe to my blog