Blog

Keep up to date with the latest news and blog posts from Simplify Security.

The Forgetting Curve – Security Training

It’s something we all know instinctively: if a whole load of new information is thrown at you, your recall of it will be somewhat cloudy one week later. This is exactly what German psychologist Hermann Ebbinghaus showed back in 1885 when he developed the forgetting curve. Though his research is over a century old now, the principle remains true today. Most of what you learn will be forgotten within an hour. This...

Possible Okta Breach By Threat Actor

Okta has provided additional information on the timeline of the incident affecting their services. In summary, the Okta service confirmed the breach by the Lapsus$ group yesterday. As Okta has confirmed, 'The Okta service is fully operational, and there are no corrective actions our customers need to take.' Okta has also concluded that a small percentage of customers - approximately 2.5 percent - have potentially...

UPDATE: CVE-2021-44228 Apache Log4j 2 RCE – log4shell

Since the news of this critical RCE (CVE-2021-44228) in Apache Log4j was made public on Friday, Simplify Security's MTR team has been investigating activity to improve detection and response capabilities. As a quick summary, this vulnerability results from how Log4j processes log messages when an attacker sends it a specially crafted message. This can result in loading an external code class and...

CVE-2021-44228 Apache Log4j 2 RCE – log4s

On December 9, 2021, the Apache Log4j project’s GitHub publicly disclosed a high-severity vulnerability that impacts Apache Log4j 2 versions 2.0 to 2.14.1. The vulnerability allows for unauthenticated remote code execution on Log4j 2, an open-source Java logging library used as a dependency by numerous enterprise applications and cloud services. Currently, there are reports of this vulnerability being exploited...

Introduction to the changes in New Zealand’s Privacy Act

New Zealand’s privacy laws haven’t changed since 1993, but technology and the way we live our lives online have changed significantly since then. Around the world, privacy laws are being updated to cover the needs of our changing world, and now it’s New Zealand’s turn. The changes to the Privacy Act cover the addition of a new privacy principle, mandatory reporting on data...

What is phishing and how to stop it

What’s phishing? Malicious emails that look genuine and try to trick you into providing data, spreading malware, or paying money. What are the risks? Phishing has led to massive financial losses, malware infections, and data breaches. How to stop phishing: 41% of IT and cybersecurity pros report at least daily phishing attacks. 3 steps to avoid being a victim: 1. Train your users on how to spot and avoid phishing...

How to prepare an Incident Response Plan

In the security world we say that there are 2 types of businesses: those who’ve suffered a cyber attack and those who are yet to suffer one. The point here is to be prepared, as cyber attacks are an unfortunate reality of today’s business landscape. So how do you prepare? Well, apart from having a robust security framework, you should have a plan in place that outlines how to deal with an incident. A clear...
