In recent years legal and accountancy firms have been increasingly targeted as a pivot point to access data for larger organisations that are clients of these firms. This is because it is understood that associated legal and accountancy firms may not have the level of rigour in terms of cybersecurity that their clients may have implemented. Unfortunately, these firms may hold or be custodians of very sensitive data, but not have the controls to protect it. You can outsource the service, but you

The majority of ransomware attacks happen because of a combination of two factors: an unpatched, known vulnerability and an element of social engineering that enables attackers to execute a payload on an internal network.
The first factor is preventable with a strong patch management strategy and by improving visibility through regular vulnerability scans. Only by seeing where security weaknesses are can a security team fix them before they can be exploited. The second factor is much

Unsecured servers are not uncommon, and this comes down to a lack of visibility and asset monitoring. One foundation of security is visibility, so it is essential to know what your estate looks like and what needs to be secured. With the cloud deployment model, systems can be spun up and deployed in minutes, but they can also be easily forgotten about, leaving an organisation open to exposure. Organisations should implement continuous asset profiling and alerting, which is in real-time and

This is just another example of extremely poor IoT security, similar to how some of the Android BusyBox deployments got hacked in 2016, which later led to a rapid increase in the scale and bandwidth utilised during DDoS attacks.
Previously, this was referred to as a misconfigured admin panel, while now it’s described as a backdoor. The root cause appears to be nearly the same, default credentials on an unspecified port. Should these devices have this capability, who has access, and why do

End-to-end encryption should be standard, not something people have to opt in to, in my opinion. Consumers who purchase IoT devices such as Ring may not be savvy enough to consider the implications of no end-to-end encryption. Vendors should provide strong security controls when it comes to the protection of consumers' privacy, and these should be enabled by default. Not enabling end-to-end encryption in relation to physical security devices such as Ring may lead to unauthorised monitoring of