SCUBA now scans Google
Read More: SCUBA now scans GoogleSCUBA is not Scuba, one is a pursuit I would like to try one day and the other is something to deetect misconfigurations and some security vulnerabilities in a cloud environment (the one in all CAPS). CISA SCUBA is maintained and is free, it works for Microsoft 365 environments and now they have updated for…
Data Cleansing and Large Language Models
Read More: Data Cleansing and Large Language ModelsData Cleansing and Large Language Models, what is great about large language models for enterprise is also what is potentially most problematic. Training an LLM using your data will bring amazing upsides to productivity, for example, maybe I have a customer who requires my assistance to build out a programme of work for a project.…
Consulting Integrity
Read More: Consulting IntegrityConsulting with Integrity is critically important in my industry of Cyber Security, there are many consultants preaching to be what they are not, “knowledgeable” people. The Cyber security industry is fully of vendors and sellers trying to position security tooling as a solution to a cyber risk problem. I want to share a recent story…
Targeted Business Email Compromise through weaponising your own tenant!
Read More: Targeted Business Email Compromise through weaponising your own tenant!Targeted Business Email Compromise through weaponising your own tenant!, As we in the ‘Industry’ are well aware, 90% of Cyber security incidents start with email, its simple, we all use it and an email attack targets the weakest link in our security posture, me and you. During the past month an old/new cyber criminal attack…
Occams razor – When an attack is unknown?
Read More: Occams razor – When an attack is unknown?Occams razor – When an attack is unknown? This is a true story with a recent Managed Service Providers customer: Customer was breached, bank account details changed and a significant amount of money was transferred from the business account. I am not using industry or amounts to keep this anonymous, this tale though illustrates something…
Splunk, assassinated by Cisco – RIP
Read More: Splunk, assassinated by Cisco – RIPCisco to acquire Splunk? good news? not if you are a Splunk customer, not if you are a Cisco customer either….. Splunk was one of those brands that I could not get my head around, a name that seemingly means nothing to Americans but to others on the global stage, almost dirty but not quite.…
A picture is not always worth a thousand words
Read More: A picture is not always worth a thousand wordsA picture is not always worth a thousand words, cyber security vendors please take note Question: When is a picture NOT worth a thousand words? Answer: When it has no context Just like my photo, it has no context and therefore would by of little interest to anyone who wasn’t on the same trail with me…
Security Controls
Read More: Security ControlsSecurity controls are not optional and after another cyber security breach that led to a business I have worked with (not as their security consultant) suffering a “CryptoJacking” event where they lost $40,000 US dollars I though the following comment might be necessary. MFA as a Security Control Multi-factor Authentication, as a security control it…
Supply Chain risk
Read More: Supply Chain riskThere has been a number of supply chain attacks recently including MoveIT and 3CX, these cyber attacks can be immensely costly and at the lest distressing for the businesses involved. For the software provider though these breaches can and often do have disastrous impact on their business, which could have been avoided by following a…
From Backup to resilient cyber security
Read More: From Backup to resilient cyber securityIn the Beginning From Backup to resilient cyber security: Best practises for Information Technology such as “Least privilege access”, “Admin account segregation”, “Operating system patching”, “Multi-factor authentication”, even “Patching and updating applications” have been around for many years, undertaken as ritual by many Information Technology departments within businesses across Australia as best practise maintainence, without…