CISO.pm – Cyber Security news and opinion

OpenCanary and the Mirai Password List

Fighting the Tyranny of the Default (login) As the OpenCanary in the Cloud continues to sit with its ports open, waiting for connection attempts, it’s clear to see that a large amount of credentials are…

OpenCanary: One week in Splunk

The OpenCanary has been feeding Splunk via WebHook for over a week now and the statistics are becoming clear. More ports, more protocols means more interest from entities scanning the Internet and attempting to get…

A breakdown of a Homegate scam

Property scams and fake adverts are a nuisance on Homegate; learn how to spot a fake advert, avoid being scammed and leverage Homegate to your advantage.

Improving OpenCanary Logging

The Loggly solution I’ve been using is basic and limited, basically being able to give an overview of the previous 7 days of events. It presently shows 213’000 events with a drill-down to 110’000 login…

The Domain Registration Renewal Scam

One of the domains we own and use received the following notification – actually through the Contact Us form on the website, CAPTCHA and all. The formatting is down to how the online form is…

Stupid Password Requirements

Or lack thereof Some recent experience has resulted in the creation of some accounts on certain SaaS HR recruiting platforms, namely Successfactors and Taleo. As a long-time user of password manager solutions (presently Bitwarden), I…

Best Browser Configuration

Introduction For any user, there are functional requirements of a browser as well as certain privacy and tracking requirements (certainly for the “Haves” accessing the Internet!!). Some functionality can be added as Extensions or Add-ons…

The Canary in the Cloud

OpenCanary 2.0 in Oracle Cloud continues to flourish. The main reporting mechanism is a webhook into Loggly from SolarWinds and it gives an overview of the connection attempts to the Canary along with the ports,…

The LastPass Hack

Background LastPass revealed in December 2022 and in August 2022 that they had been hacked. The two incidents are absolutely related as the criminals who lifted the LastPass customer vaults in December got the secrets…

Load More