• Data & intellectual property protection/security, wrt ChatGPT, Bard AI and other tools; What’s your company policy?

    Samsung banned the use of generative AI tools like ChatGPT by its employees after an accidental leak of sensitive internal source code by an engineer.  In January 2023, Amazon warned employees about sharing confidential information with ChatGPT after it noticed responses closely matching its existing material Major banks which include Bank of America, Deutsche Bank, […]

  • Update now! High severity flaws found in Git for Windows, patched

    The Git project released new versions to address some  of the security vulnerabilities that affect versions 2.40.0 and older. Git was patched to address to fix CVE-2023-25652, CVE-2023-29007, Windows-specific vulnerabilities: CVE-2023-25815, CVE-2023-29011, and CVE-2023-29012. The Git for Windows project released new versions including the fixes for all five of these vulnerabilities. Recommendation and workaround The […]

  • WordPress admin security guidelines

    WordPress is a really popular content management system and being so prone to attacks. sapnasecurity team has accordingly released a guideline to help secure your WordPress admin environment. Recommendation Implementing Two Factor Authentication to prevent unauthorised access Implementing Password Policy Manager/enforcement plugins and ensuring usage of strong password for backend and changing it every six […]

  • Email phishing using domain spoofing

    In January 2023, one of our clients reported that a scammer had registered a similar looking domain as that of our client and was using this spoofed domain to send fake invoices to our client’s clients with the scammer’s bank account details.  As an example assume client’s website had the word ‘group’ in it like […]

  • Junk the old methods, adopt easier & modern password practices

    Change passwords frequently Don’t share your passwords with anyone Don’t write it down Add symbols and upper lower plus alphabets and numbers Sounds familiar? Security experts feel the world is very different now and while we should still stick to the general recommendations for passwords, there are some things we can let go of. Change […]

  • Ransomware

    Ransomware is a malware that will either disable access to your data or threaten to publish it. They hold you at ransom unless money is paid off. The data is encrypted using a key the hacker possesses. Without this the data cannot be decrypted. Ransomware can be downloaded onto systems when unwitting users visit malicious […]

  • Potential power blackout in the UK this winter

    Potential power blackout in the UK this winter

    The UK is bracing itself for potential power cuts amidst the energy crisis. The boss of the National Grid John Pettigrew admitted that it’s possible for rolling power cuts (blackouts) as energy supplies run low. Our suggestions below are just a few tips for being better prepared. No way are suggesting that a blackout will […]

  • Incident management and reporting template

    For business continuity every organization should have 2 processes/documents/plans, disaster recovery and incident management. Incident management is exactly what the term implies, managing an incident that could lead to loss or disruption of an organizations processes. Even a small company should have a basic incident management plan which is well communicated with all team members […]

  • Lessons learnt from “Uber Files”

    “Uber Files”: A leak of 1,24,000 internal Uber documents spanning a period between 2013, and 2017. This leak has been damaging to Uber and you can read details on this link https://www.icij.org/investigations/uber-files/frequently-asked-questions-about-the-uber-files/ Few key lessons to be learnt are, Have an incident management team ready which includes top executives and technical and key managers for […]