Ransomware, as discussed in an earlier post, is software that captures or makes unavailable your information or systems, until payment is made. Cloudsek.com reports that there is ransomware named GoodWill that encrypts data and systems, but instead of demanding payment to the attackers, demands that the victims perform acts of kindness, in order to get…
What is two-factor authentication? What is two-factor authentication (2FA) or multi-factor authentication (MFA)? This is what we will briefly define today. What is authentication? Let us start with the last bit. Authentication is the process of proving that something is true or valid. In our context of information security, it is the process of confirming…
Towards the end of last month, October 2021, I needed to pay land rates for some property in Nairobi. Previously, I have been able to do this by logging in to a Nairobi City Council web portal, entering the property identifier and seeing the amount due, then paying via M-Pesa, all quite easily. However, after…
The Vulnerability The US state of Missouri has a web application that allows the public to search for and view teacher certifications and credentials. A journalist found that by viewing the HTML source of the application, you could also see teachers’ names and Social Security Numbers. The journalist’s newspaper reported the vulnerability to the state…
Information security is primarily about protecting the confidentiality, integrity and availability of information, and by extension, that of information systems. On October 4th 2021, Facebook and its services such as Instagram and WhatsApp were globally unavailable for about six hours. No one was able to access or use the services for that time and even…
What Is Ransomware? Ransomware is a type of malware (malicious software) that is used to encrypt or scramble files on a computer system, thus making the system unusable, after which the attacker demands payment (ransom) in exchange for enabling the victim to decrypt and regain access to the files. Instructions are normally given that the…
An interesting story. A customer at McDonald’s UK transacted with the company and received an email with database credentials. Like a good customer, he tried to reach the company to make them aware of the exposure. And he tried. And tried. It seems McDonald’s needs to review and streamline their incident response process (if any),…
The Situation We use passwords on many different websites in modern life. You probably have several different accounts that you log in to using a username and password. For example, you may have: A Gmail address A Yahoo (or even Hotmail!) address, especially if you are of a certain age group 🙂 A work or…
According to court records, in May 2021 in New York, USA, a credit union employee was fired. She had been working remotely and had a username and password that granted her access to the union’s systems. When she was fired, an employee at the union requested the union’s IT support firm to disable the fired…
An August 2021 news report says that a Los Angeles man pleaded guilty to the charge of gaining unauthorised access to at least 200 accounts of iCloud users. He had obtained at least 4,700 account IDs and passwords. How did he do this? He did it by social engineering. Social engineering is basically an attacker…