Are your S3 buckets private?

Alongside checking your backups are working, updating your systems, checking for viruses, and all the other monthly tasks, it’s easy to overlook simple security areas of your network and storage. Over the past few months, there have been a deluge of exposed Amazon S3 buckets which have been exposed or found. The data of 123 … Read more

UK Gov sites hijacked by Cryptominer, and Subresource Integrity

Over the weekend, thousands of websites around the world, including the UK’s NHS and ICO and the US Government Court system, were compromised, and caused visitors to mine crypto-coins – generating money for the miscreants. These sites were using a popular plugin called Browsealoud. Their support software “adds speech, reading, and translation to websites facilitating … Read more

Mozilla Observatory – Test your SSL

Mozilla have put together a tool for testing many areas of SSL security. We’ve recently discussed using the free Let’s Encrypt service to secure your site, but it is also important to ensure the security settings are up to date. “While we’d love to say that any site that scores an A+ on the Observatory … Read more

SEO Exploit via DNS “piggybacking” found in the wild

A recent report out from the ISC (the ‘Internet Storm Center’, a program of the SANS Technology Institute) warns domain owners to check their DNS records. We offer a DNS Records tool on frag.co.uk/tools/ that may be some help to our customers. The report details around 50 organizations that have had new machine names added … Read more