Glock Enterprises

Be Aware

US And UK Governments Issue Update Now Warning For Windows, macOS And Linux Users

8th October 2019 peterglock

Use VPN software? Update everything and consider password changes…: […] The NCSC mitigation advice is, unsurprisingly, to apply the latest updates released by the vendors concerned. The NCSC acknowledged that […]

 Be Aware, Information Security  Glock Takes Stock

Data breach at Russian ISP impacts 8.7 million customers

8th October 2019 peterglock

Wow. This happened 2 years ago. It’s fortunate for Beeline that these are not European ‘natural persons’ otherwise the full wrath of GDPR would be upon them…: […] Beeline, a […]

 Be Aware, Information Security, ZDNET  Glock Takes Stock

Deepfake videos ‘double in nine months’

8th October 2019 peterglock

When deepfakes were talked about last year, the speculation was that they would be used for political nefariousness.  It’s ‘mostly porn’, what a surprise!…: […] The research comes from cyber-security […]

 Be Aware, Information Security  Glock Takes Stock

Britain’s first ‘deep fake’ fraud: Energy executive conned into handing over £200000 to thieves who …

7th October 2019 peterglock

This has been on the cards ever since the first ‘deep-fake’ videos came to light. Trust, but verify…: […] A British energy executive was tricked into paying more than £200,000 […]

 Be Aware, Information Security  Glock Takes Stock

WatchGuard releases cloud-based service to automatically block phishing attempts

7th October 2019 peterglock

I sat next to a security manager for an academic institution in Latvia last week and asked him what he was doing to protect his network seeing as he had […]

 Be Aware, Technology  Glock Takes Stock

Law Firms Failing To Implement Cyber Essentials

7th October 2019 peterglock

This was taken from an advert by a company that specialises in risk management in the legal sector. If only 8% of law firms have bothered with the most basic […]

 Be Aware, Information Security  Glock Takes Stock

Cyber security: Top 5 password mistakes people make

7th October 2019 peterglock

Use a password manager (Apple and Google have their own built-in), and Multifactor Authentication wherever possible. Don’t do these…: Professor Matt Warren’s top 5 password mistakes people make: 1. Share […]

 Be Aware, Information Security  Glock Takes Stock

Survey Suggests Ransomware Broadening Perceptions of Cyber Risks

4th October 2019 peterglock

It seems that the message is (finally) getting through…: […] Corporate risk managers are increasingly focusing on protecting their enterprises from business interruption after a series of ransomware attacks on […]

 Be Aware, Cyber Insurance  Glock Takes Stock

Facebook’s Zuckerberg defends decision on encryption

4th October 2019 peterglock

In a nutshell…: “Every couple of years, the FBI rears its ugly head and tells us they need to have access to end-to-end encrypted messaging,” said Eva Galperin, director of […]

 Be Aware, Opinion, The Telegraph  Glock Takes Stock

Ethics Rules for Using Social Media in Legal Matters

4th October 2019 peterglock

The same rules apply to employers e.g. don’t force your employees to ‘friend’ you…: Social media is increasingly important in eDiscovery, employment investigations and jury research. Using social media in […]

 Be Aware, Cyberlaw, JD Supra  Glock Takes Stock



Data Protection Register

Registered with the ICO: ZA494319

About

Glock Enterprises Ltd. Registered in England & Wales No. 11183883

VAT No: GB 361 2795 89

All content (c) Glock Enterprises Ltd 2020


The Latest from Facebook

Glock Enterprises Ltd

Should I be worried about MFA-bypassing pass-the-cookie attacks?

TL;DR Yes. Time for a cookie review and a bit of user education otherwise the effort of moving to multi-factor authentication will have been wasted...:

[...] “Thinking that MFA magically makes you unhackable is even more dangerous than not using MFA. Unfortunately, most MFA implementers and certainly most users don’t understand this. For example, I can send anyone a phishing email and get around their MFA solution and if you don’t know that, you might not pay as much attention to what URL you’re clicking on.” [...]

Cerberus Sentinel’s Espinosa said: “The way to mitigate the MFA pass-the-cookie vulnerability is with better cookie management and better user training.

“Specifically, cookies should be set with a short lifespan and should be for a single session, so when the browser is closed, the cookie is voided. Users should be trained to log off the web application and close their browser after they are done using the web application. Many users never log off or close a browser – this increases risk.

“The bottom line is there is no single way to fix the pass-the-cookie problem, unless you force a user to reauthenticate more frequently for different web application functionality. This diminishes the user experience though,” he said. [...]

Original article buff.ly/360rdLU
