Glock Enterprises

Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?

15th January 2021 peterglock

The examples in this article are about fictional and real-life compromises outside the ‘normal’ IT world. My clients are very concerned about OT systems being compromised. Take a look at this […]

 Glock Takes Stock, Information Security

Sepa cyber attack ‘likely to be by international organised cyber-crime groups’

15th January 2021 peterglock

Reading between the lines this looks like a hybrid attack with multiple objectives. Ransomware is bad enough to deal with but finding the other compromise(s) is made almost impossible when […]

 Glock Takes Stock, Information Security

Pentagon testing office finds problems — again — with network security system

15th January 2021 peterglock

Whilst I applaud the power of the audit function there’s obviously something wrong in the requirements and design process that’s stopping the use of a system for four years…: WASHINGTON […]

 Glock Takes Stock, Information Security

Responding to a Cyber Security Breach

15th January 2021 peterglock

This is from an article aimed at smaller law firms but the advice holds true even for the largest organisations. We have friends who offer exactly this kind of ‘before […]

 Glock Takes Stock, Information Security

CES 2021: Microsoft’s Brad Smith slams SolarWinds ‘indiscriminate assault’

14th January 2021 peterglock

Accurate commentary from the BBC…: […] The SolarWinds hack has stunned and terrified the sector – particularly those who make and sell software to protect us from hacks. The last […]

 Glock Takes Stock, Information Security

Five cyber threats to watch in 2021

14th January 2021 peterglock

This is a generic list, much the same as all the other listicles you’ll see. The way they describe the lack of skilled staff issue jumped out at me because […]

 Glock Takes Stock, Information Security

Considering Insurance in the Cybersecurity Equation

14th January 2021 peterglock

Once insurance premiums no longer cover losses, expect to see a shift in the market. Time to review your cover…: A large change for the insurance industry came in 2020. […]

 Glock Takes Stock, Information Security

The Future of Cyber Economics

14th January 2021 peterglock

A lot of the security projects I get involved in are tied to compliance, rather than a desire to implement best practice or seek competitive advantage by being in best […]

 Glock Takes Stock, Information Security

Hackers Compromise Mimecast Certificate For Microsoft Authentication

13th January 2021 peterglock

Expect to see other certificate chicanery over the next weeks and months…: […] Mimecast said it’s asking the 10 percent of its customer base using this certificate-based connection to Microsoft […]

 Glock Takes Stock, Information Security

Parler collapse opens door to phishing attacks

13th January 2021 peterglock

Most of the infosec twitterati that I follow are full of glee at the unmasking of various right wing extremists…: The shutdown of controversial social media site Parler, and the […]

 Glock Takes Stock, Information Security


All content (c) Glock Enterprises Ltd 2020


The Latest from Facebook

Should I be worried about MFA-bypassing pass-the-cookie attacks?

TL;DR Yes. Time for a cookie review and a bit of user education, otherwise the effort of moving to multi-factor authentication will have been wasted...:

[...] “Thinking that MFA magically makes you unhackable is even more dangerous than not using MFA. Unfortunately, most MFA implementers and certainly most users don’t understand this. For example, I can send anyone a phishing email and get around their MFA solution and if you don’t know that, you might not pay as much attention to what URL you’re clicking on.” [...]

Cerberus Sentinel’s Espinosa said: “The way to mitigate the MFA pass-the-cookie vulnerability is with better cookie management and better user training.

“Specifically, cookies should be set with a short lifespan and should be for a single session, so when the browser is closed, the cookie is voided. Users should be trained to log off the web application and close their browser after they are done using the web application. Many users never log off or close a browser – this increases risk.

“The bottom line is there is no single way to fix the pass-the-cookie problem, unless you force a user to reauthenticate more frequently for different web application functionality. This diminishes the user experience though,” he said. [...]

Original article buff.ly/360rdLU
