Posts by Ryan Norfolk

Increase of 37 percent from Q4 2019 to Q1 2020 attributed to creation of remote workforce due to COVID-19 stay-at-home orders. The rate of mobile phishing rose sharply between the last quarter of 2019 and the first quarter of 2020, a boost most likely due to the increased number of people working from home due to COVID-19…

An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials. Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes, with the goal…

As lockdowns start to ease in many countries, so the tentative return to work begins, leaving people understandably concerned about how safe a space an office will be in the middle of a global pandemic. Alongside some mouldy old food in the communal fridges, there is likely to be an increase in the amount of…

People have forwarded more than 160,000 suspicious emails to a scam-busting service, leading to 300 websites being shut down. The Suspicious Email Reporting Service was set up two weeks ago by the UK’s National Cyber Security Centre (NCSC). It received 10,000 reports in just one day, after being promoted on ITV’s Martin Lewis Money Show,…

Automated attacks on Remote Desktop Protocol accounts are aimed at taking over corporate desktops and infiltrating networks. A rash of brute-forcing attempts aimed at users of Microsoft’s proprietary Remote Desktop Protocol (RDP) has come to light, striking millions per week. The attacks are a likely offshoot of cybercriminals looking to take advantage of the unprecedented…

A sophisticated, ongoing espionage campaign aimed at Android users in Asia is likely the work of the OceanLotus advanced persistent threat (APT) actor, researchers said this week. Dubbed PhantomLance by Kaspersky, the campaign is centred around complex spyware that’s distributed via dozens of apps within the Google Play official market, as well as other outlets…

Notorious malware Trickbot has been linked to more COVID-19 phishing emails than any other, according to new data from Microsoft. The Microsoft Security Intelligence Twitter account made the claim on Friday. “Based on Office 365 ATP data, Trickbot is the most prolific malware operation using COVID-19 themed lures,” it said. “This week’s campaign uses several hundreds of…

Two-thirds of remote workers in the UK haven’t received cybersecurity training over the past year, raising fears that they may be more susceptible to attacks as hackers adapt their tactics during the current crisis. Norwegian app security firm Promon polled 2000 remote workers to better assess where organizations may be exposed during the pandemic. It found that,…

Because Office 365 is in the cloud you may be fooled into thinking that you don’t have to further back up your data.  While Office 365 is secure, it may not offer the backup potential that your organisation requires, protecting your data is your responsibility, not Microsoft’s! So how should you approach data backup?  Try…

As businesses seek more flexible, innovative ways of working many workplaces are using more endpoint devices such as phones, laptops and tablets than ever before. Keeping these devices secure is essential, as each device represents a potential source of entry for security threats. Managing and securing a high number of devices can feel like a…