The world has changed, and the CIS Controls have evolved to reflect those changes. The increased use of cloud computing, remote working, virtualisation, and outsourcing have all redefined and blurred the edges of the corporate network. The latest version 8 of the CIS Controls provides a practical framework for organisations of all sizes to identifyRead more
Blog
Understanding the principles of Zero Trust Security will help Security and Network Managers evolve their network design to better defend against new and emerging cyber security threats and increased remote working. To understand and appreciate the benefits of the Zero Trust approach, we need to consider the limitations of more traditional network designs that ZeroRead more
Quantum Computing may sound like science fiction, but this week Google announced their plan to build a ‘useful’ quantum computer by 2029. So how do Quantum Computers work, and why should they be on the radar of Security Managers today? Selecting keys and Moore’s Law Before we dive into Quantum Computers, we need toRead more
A report from PaloAlto Networks coins a new security metric: Mean Time to Inventory in order to highlight the incredible speed with which attackers are now targeting new vulnerabilities as soon as they are publicly disclosed. The report is based on three month’s monitoring of 50 million IP addresses owned by global enterprises in orderRead more
Today is World Password Day – the annual reminder to review your password hygiene and consider how to improve the strength and security of your passwords. Here are our top tips to improve your password security – at home and at work. Bill Gates predicted the demise of the password back in 2004 saying: ThereRead more
Recent high-profile security incidents, such as the compromises at SolarWinds and CodeCov and the vulnerabilities in Microsoft Exchange Server, have drawn attention to the risks posed by the software we invite into the heart of our networks and often trust implicitly. The processes and procedures for identifying and mitigating the risks posed by these third-partyRead more
An unauthorised change to a script used by Codecov customers to upload software test results has stolen the credentials and API tokens for thousands of organisation’s development environments. Codecov is a tool used to track what percentage of an application’s source code has been exercised during software testing. To do this, it is integrated into theRead more
As security professionals our job is to safeguard the Confidentiality, Integrity and Availability of the information and assets placed in our care. A Security Incident is anything that happens which places one or more of those aspects at risk. This usually will be as the result of a malicious act such as an attempted networkRead more
SAP has issued an urgent security report after an increase in attacks against unpatched SAP systems using a variety of attack vectors. A new report from SAP and security firm Onapsis details how criminals are targeting mission critical SAP systems which are vulnerable due to security patches not being applied in a timely manner. TheRead more
By using Pass-the-cookie techniques, attackers can access web applications without knowing a userid, password or even the one-time password from a multi-factor system. And if the web application in question is the management console for your AWS, Google or Azure environment then they stolen have the keys to your kingdom. In January 2021, CISA drewRead more
