Digital data is perhaps the most valuable asset your organization handles, but just how secure, safe, and compliant is it?

Data governance is a crucial element of business IT and one which businesses must comply with. It gives both accountability and responsibility to the data owners, ensuring sensitive data and privacy is correctly handled. This governance can either be internal – such as data policies specific to an organization – or external, such as government or regulatory bodies. The objective of data governance is to secure data and make sure it’s not misused.

Naturally, with cyber crime showing no signs of slowing up in 2024, it’s vital you have a firm understanding of data governance for business IT.

What is Data Governance?

Data governance is a complex set of procedures and policies which can be difficult to get to grips with. However, the basics are simple to understand. A simple explanation for data governance is that it focuses on the strategic management of all the data you hold. By monitoring your data and the way in which it is used, you build defenses around that data. This allows you to minimize the risks associated with data breaches, build trust among your stakeholders, and assist with informed decision making around your data.

The Importance of Compliance

Many industries are governed by strict regulatory requirements e.g. the healthcare industry needs to adhere to the strict framework put in place by HIPAA regulations. Regardless of the industry or regulatory framework, the aim of compliance remains the same. By demonstrating adherence to compliance, you’re underlining the fact that any sensitive data you hold is protected and handled correctly. If your organization fails to hit the benchmarks laid out by external bodies, then you run the risk of some eyewatering financial penalties.

Improving Your Data Security

The best way to maximize your compliance and governance is to enhance your data security. You can achieve this in the following ways:

  • Employee training: one of the most common causes of data breaches is your employees. These are the individuals who are most at risk of falling victim to social engineering, phishing emails, and malvertising threats. Accordingly, you need to implement a robust training schedule for new starters and, for all staff, follow up with refresher courses.

Final Thoughts

With the rise of big data in business, it’s clear that good data governance practices should be a priority for any business. This will allow you to build a strong foundation of data governance to protect both your organization and your customers.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Threat actors have compromised 70,000 previously legitimate websites and created a powerful network capable of distributing malware.

Named VexTrio, this network of compromised websites appears to have started in 2017, but it’s only more recently that details around its activity have emerged. As well as distributing malware, the VexTrio network also utilizes phishing pages, and allows the VexTrio hackers to harvest login credentials. The campaign is a significant one, and one which is powerful enough to cause harm to anyone who gets caught up in its operations. Therefore, it’s time to take a look at the VexTrio campaign to see what we can learn.

Understanding the VexTrio Network

The VexTrio campaign relies on a malicious traffic distribution system (TDS) to lead unsuspecting internet users to compromised websites. A TDS is, in simple terms, a web application used to analyze and filter incoming traffic and, following the analysis, redirect it to a specific page. Typically, the activities of a TDS are facilitated by malvertising activities or malicious websites. VexTrio favors using malicious websites.

Working with a number of affiliates, many of whom offer access to hijacked websites, VexTrio has managed to amass a sizeable network over the last seven years. And VexTrio are very much the middle-man in the operation. For a fee, VexTrio will feed incoming traffic through their TDS and forward innocent victims towards the websites they’re mostly likely to be interested in. It’s very similar to legitimate advertising networks, but with a vicious sting in its tale.

The malicious websites which comprise the VexTrio network contain a wide range of threats. For example, one of the affiliates, known as ClearFake, tricks users into downloading what is claimed to be a browser update, but is little more than malware. SocGholish, another well-known malware threat, is part of the VexTrio network and uses it to push unauthorized access to corporate websites.

Don’t Fall Victim to VexTrio

The threat of VexTrio is a substantial one, and organizations need to be aware of the damage it can cause. Luckily, you can protect yourself and your IT systems by implementing the following best practices:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


A new strain of malware, which contains several different attack methods and is considered a severe threat, has been discovered and named HeadCrab.

The attack focuses its efforts on Redis servers, an open source, in-memory data structure store. In simpler terms, Redis acts as a database, cache, and message broker application which can store data, cookies, and authentication tokens. This means it contains confidential and personal data, which is a currency valued highly by threat actors. Redis is incredibly popular and used by many high-level clients, some of whom include Amazon, Adobe, OpenAI, and Airbnb. Therefore, it’s likely you and your team will visit websites using Redis servers, and you need to stay safe.

Unpacking the HeadCrab Attack

Redis servers appear to have been targeted by HeadCrab due to the fact they’re often exposed to the internet, without any solid authentication in place to protect them. This makes them highly vulnerable and puts any data stored on them at high risk. Using advanced coding techniques, the threat actor starts by taking control of a Redis server. This allows them to then download HeadCrab onto the infected server. This, as the command logs reveal, is a complex process, and one which leaves no stone unturned, highlighting the advanced skills of the threat actor.

With HeadCrab now active on the Redis server, it can get to work. Security researchers, who have reverse engineered HeadCrab, have discovered eight custom commands contained within its module. These allow HeadCrab to set up encrypted communication channels, reconfigure Redis servers, run exclusively in memory to avoid detection, and even run its own blog detailing its current activities and news.

Staying Safe from HeadCrab

Currently, HeadCrab has been detected in over 1200 servers and represents a serious threat. It doesn’t launch its attack using files, instead relying on advanced hacking techniques, so it’s a difficult threat to combat. However, by staying vigilant, your organization can stay safe against the threat of HeadCrab and similar attacks. The best ways to achieve this are:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Russian hackers are using a fake PDF decryption tool to trick innocent PC users into downloading Spica, a new strain of malware.

Discovered by Google’s Threat Analysis Group (TAG), Spica is a backdoor malware which has not been identified previously. It’s believed that the malware is the result of ColdRiver, a Russian hacking team with a proven track record in deploying malware. The attack, as with so many contemporary threats, is delivered by email and relies on malicious PDF files. Now, with close to 350 billion emails sent per day in 2023, it’s clear that email is hugely popular. And it’s estimated there are 2.5 trillion PDF files currently in circulation. Therefore, the chances of your business running into a similar attack is high.

The Threat of Spica

The Spica attack begins when the threat actors send a series of PDF files to their targets. Using phishing email techniques, they attempt to trick the targets into believing that these have been sent by legitimate contacts. These files appear encrypted and, if the target bites, they will email back to say they can’t open the files. This is where the threat actors are able to launch their payload.

By sending a malicious link back to the target, the threat actors can trick them into downloading what they claim is a decryption tool. However, this executable tool – going under the name of Proton-decryptor.exe – is far from helpful. Instead, it will provide backdoor access to the target’s PC. With this access in place, the malware can communicate with a control-and-command server to receive further instructions.

And Spica comes loaded with a wide range of weaponry. As well as being capable of launching internal shell commands on the infected PC, it’s also programmed to steal browser cookies, send and receive files, and create a persistent presence on the machine. Google believes that there are multiple variants of Spica, and the current targets of the malware seem to be high ranking officials in non-governmental organizations and former members of NATO governments.

Shielding Yourself from the Threat of Spica

While your organization may not be listed high on ColdRiver’s target list, the attack methods are familiar and could easily be launched against you at some point in the future. Therefore, it’s in your best interests to integrate the following advice into your cybersecurity measures:

  • Check for spelling/grammar errors: phishing emails are prone to poor grammar and spelling, especially when they originate from non-English speakers. Accordingly, poorly composed emails should be scrutinized closely. Also, watch out for generic and unusual greetings such as “Dear customer” as these may indicate that the email is part of a mass-campaign against unknown targets.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


GitHub is a wildly popular website for developers to create, share, and store their code, but it’s also being increasingly used to spread malware.

Launched in 2008, GitHub quickly became the number one destination for developers. Packed full of features – such as hosting open source code, bug tracking tools, and software requests – GitHub is the perfect one-stop shop for developers looking to collaborate and enhance their software. However, where there’s code, there’s also potential for malware to rear its ugly head. And, in the last few years, GitHub has been exploited by numerous threat actors.

How does GitHub Work?

GitHub is an online repository where developers can come together to pool resources and knowledge to improve their software builds. It may not be something that most of your staff are likely to log on to, but your IT team are likely to use it to manage projects they’re working on. The objective of GitHub is to create a community of friendly developers, but the open membership policy means this doesn’t always go to plan.

Why is GitHub Dangerous?

Threat actors can easily sign up for membership within a matter of minutes, and then they can begin uploading their malicious code under the pretense of being an innocent software project. Quite often, threat actors will sign up with a username previously used by another developer, this is to trick other developers into thinking this is a reputable account. The GitHub community will believe that any repositories uploaded to this account are safe, and they will download them without thinking. And this is when malware can be unknowingly unleashed on unsuspecting networks.

Threat actors are also using GitHub to host command and control servers, which allow attackers to create communication channels into infected devices. Usually, this would be indicated by an unusual domain address in your network traffic. But with GitHub’s credentials being used, this would look less suspicious, especially if you team access GitHub. It’s also convenient, for the threat actors, to use a public service where launching a command control server is much easier than building an infrastructure from scratch.

Finally, GitHub is being used as a storage space for malware, as demonstrated in this fake proof-of-concept software attack. This particular attack allowed the threat actors to exploit a known vulnerability within the Linux operating system, which is commonly used by developers working on GitHub. These attacks can even catch out the security experts, so they underline just how dangerous GitHub can be if you’re not vigilant.

How Can You Work Safely with GitHub?

Threat actors are essentially turning certain parts of GitHub into a malicious website, so it’s crucial you know how to manage this threat. The most effective step you can take is to block access to GitHub on your organization’s network. Your staff are highly unlikely to need to access GitHub anyway, so this makes sense. However, some of your IT staff, and any developers you employ, may still require access to complete their job.

GitHub, of course, isn’t the only legitimate website to be harboring malware. Huge sites such as Dropbox and Google Drive are all capable of delivering malware to unsuspecting members. Therefore, you should only ever download from trusted sources.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More