Author: staff

  • GDPR fine of £183m likely for British Airways

    The Information Commissioner’s Office (the UK’s privacy watchdog) announced its plan to slap British Airways with a record £183 million (238 million €) fine. In September 2018, BA disclosed a breach affecting 500,000 people, in which visitors to its website were diverted to a fraudulent website and personal/sensitive details including name, billing address, email address and […]

  • Facebook collected 1.5 million users’ email contacts without consent

    Facebook used to ask new users for their email password as a method of verification. Additionally, it offered to upload their email contact list (e.g. from Google Contacts). In May 2016, Facebook removed the message that explained the feature to upload contacts; however, the underlying feature remained, which means contact list uploads were automatically […]

  • The NSA Makes Ghidra, A Powerful Cybersecurity Tool, Open Source

    You can’t use Ghidra to hack devices; it’s instead a reverse-engineering platform used to take “compiled,” deployed software and “decompile” it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveal what the software you churn through it does. More details […]

  • Company loses $190 million in cryptocurrency as CEO dies with sole password

    A situation any company should avoid: a sole member having access to information which, if lost, causes irreparable damage (financial or reputational) to the company. Shared knowledge and information security usually contradict each other when it comes to sensitive data, but having a fail-over method ready is key to a compromise between the two. Over $190 million […]

  • 2019 cyber security predictions

    “With great power comes great responsibility.” (Uncle Ben to Peter Parker, Spider-Man.) Happy new year! In the previous years we have seen a lot: ransomware, compromised elections, huge personal data hacks and more. Last year also saw regulations like GDPR being enacted. 2019 won’t be any different. Bad guys will remain bad, and will remain […]

  • Non intrusive security audit

    While an ethical hack is an intrusive security scan, our non intrusive security audit complements it by focusing on areas the ethical hack cannot. From getting your processor list in place to data classification, network to data flow diagram, fact finding questions to giving you our results in the form of a risk register, security audit […]

  • British Airways hack could provoke the wrath of the GDPR

    More than 380,000 customer transactions on the British Airways website, including credit card information, were compromised by hackers. If it’s determined that British Airways didn’t do enough to protect consumer information, it could be facing a fine of up to 4 percent of its annual revenue (that works out to about £500 million). Read […]

  • I know your secret and have recorded you doing something naughty…

    Earlier this week, one of us received a very disturbing email. It basically said that, using malware, they had recorded the individual via webcam watching an adult site. As evidence, and to sound more convincing, an old password was revealed. This obviously was a sextortion scandal and we however were at ease as […]

  • It’s our Anniversary. Cheers to security.

    Although the idea of having a proper security division was lingering for long, we finally took the plunge a year back. The plan involved recognising a separate division, building a team, working on a methodology, framework for security review/audit and penetration test, documentation, keeping an audit trail, and even making a new website. On 20/06/2017 […]

  • Indian shirt company’s proactive GDPR compliance

    GDPR is affecting everyone in some form or the other, which was obvious when I received this email on the GDPR compliance process from an online shirt company in India on the 24th of May 2018 (just a day before the law comes into force). They announced they are in the process of GDPR compliance […]