Blog

Recent Blog Posts

  • 26 June 2024

The NHS Data Breach and Its Ripple Effects on Patient Care

Once more, we are in the midst of a cyber ransomware attack. Today's target is Synnovis, an NHS blood testing provider that collaborates with several NHS Foundation Trusts, including Guy's and St. Thomas' and King's College Hospital NHS Foundation Trust.........

Cybersecurity’s lights and shadows of e-vote

For the very first time the Italian government coordinated an e-vote for all abroad residents between 12th and 13th of December 2023. This experiment did not have any effect (dummy test). However, as security professionals, SureCloud were curious to see how it was implemented and what cybersecurity issues might arise from a process like this........

Direct Memory Access Attacks

Have you ever come across a laptop, server or desktop computer that has Full Device Encryption (FDE) and is protected by a password/logon screen that you would like to hack into easily? Well, Direct Memory Access (DMA) attacks can easily bypass these security measures given a few preconditions........

FluidOne and its Cyber Security Associates division (CSA) acquire SureCloud Cyber Services

FluidOne, the market-leading provider of Connected Cloud Solutions, announced today that its cyber division Cyber Security Associates (CSA) has acquired SureCloud Cyber Services, a UK-based company with expertise in CREST and NCSC CHECK certified penetration testing and specialist cyber risk consulting........

Cyber Threat Briefing: Implementing Ransomware Controls

In recent months ransomware attacks have undoubtedly picked up pace as well as impact. There have been high-profile incidents such as those on the Irish Health Service Executive (HSE), JBS Foods and IT management software firm, Kaseya.......

Cyber Threat Briefing: Cloud Security

In recent years, businesses across various sectors have been migrating operational services to the cloud, leveraging the flexibility this brings – a trend that was accelerated by the pandemic but is showing no sign of slowing down. Gartner predicts that by 2025, 85% of enterprises will adopt a cloud-first computing approach, compared to just 20% in 2020........

Cyber Threat Briefing: Defending Against Ransomware

The past eighteen months have been tumultuous to say the least. As well as struggling with the fallout from a global pandemic, we’ve also seen some of the most devastating cyberattacks on record; from the now infamous SolarWinds breach, which impacted organizations as large as Cisco,.......

Common PCI DSS Mistakes

When it comes to the Payment Card Industry Data Security Standard (PCI DSS), there are common mistakes that every QSA or ISA sees, regardless of sector and organization size.

Addressing the following five points within your organization will go a long way in eliminating that frantic scramble in the month before an audit, where everyone is feverishly........

Time To Update your Video Conference Software

We exploit the vulnerabilities in devices and software (via means such as authentication bypass) to educate businesses on where weaknesses in their cybersecurity plans might exist. With this information, businesses can confidently invest in IT risk management software and adopt best practices that keep them covered.........

Cyber Essentials Evendine Question Set

IASME is bringing in a new question set and marking scheme for 2022. These changes will affect both Cyber Essentials and Cyber Essentials PLUS. If you begin an assessment on or after 24th January 2022, it will be marked against the Evendine scheme..........

PwnKit / CVE-2021-4034 – Local Privilege Escalation in pkexec

PwnKit, discovered by the Qualys Research Team, is a local privilege escalation vulnerability affecting a widespread Linux component, Polkit’s pkexec. Polkit’s pkexec is a tool originally intended to control the running of privileged processes..........

Cybersecurity Maturity Model Certification (CMMC): What, How, When and Why?

For almost two years now, the US Department of Defense (DOD) has been reviewing a process designed to ensure defense contracts meet very specific cybersecurity standards when it comes to handling unclassified information. Known as the Cybersecurity Maturity Model Certification (CMMC).........

Cyber Threat Briefing: An Organization’s Susceptibility to Supply Chain Attacks

In a new report published by the World Economic Forum, entitled Global Cybersecurity Outlook 2022, more than 40% of CISOs said their business had been negatively impacted by a supply chain breach in the past year.........

Everything You Need To Know About CMMC 2.0

In a recent online briefing, SureCloud’s Risk Advisory Senior Director, Craig Moores, sat down with Senior Consultant Tom Hodgkins to discuss the ‘what’, ‘how’, ‘when’ and ‘why’ of Cybersecurity Maturity Model Certification (CMMC) 1.0.........

Enterprise Architecture and Its Role Against Security Threats

Last year, Gartner forecast that worldwide spending on security and risk management would soon exceed $150 billion, a year-on-year increase of more than 12%. A great deal of this increased focus on security spending is down to the emerging challenges organizations are now facing.........

PCI DSS v4.0 – Where are we now?

Payment Card Industry Data Security Standard (PCI DSS) is a regulatory requirement for any organization that accepts payment card transactions. It’s a governing standard designed to reduce payment card fraud by increasing controls..........

Cyber Threat Briefing: Assessing the Russian Cyber Threat Landscape

For some years now, geopolitical conflicts have been as much about bits and bytes as they have boots and bullets. The digital landscape has become a battleground in its own right, with state-sponsored cyberattacks becoming increasingly common. ..........

How Can Your Organization Stay Safe in the Age of Cyber Warfare?

The past decade has seen more than 500 large-scale, state-sponsored cyberattacks, and those are just the ones that have been publicly documented. Geopolitical friction..........

What is the Strengthening American Cybersecurity Act and what do I need to know?

Since the Biden administration took office in the US, cybersecurity has been a top government priority. Major cyber attacks such as the SolarWinds and Colonial Pipeline incidents have accelerated the need for better security intelligence and greater cyber resilience. .........

Key findings from the DCMS Cyber Security Breaches Survey 2022

The UK government’s Department for Digital, Culture, Media and Sport (DCMS) has released its 2022 Cyber Security Breaches Survey. It offers an in-depth analysis of the current cyber threat landscape, including the types of threats that businesses are being exposed to and how resilient .........

Every Business is a Target

Despite ransomware incidents continuing to dominate the cyber-related headlines, there seems to be a misconception among smaller and medium-sized businesses that it’s something only large corporations need to be concerned about. In fact, there are a surprising number of statistics that suggest SMEs are not adequately equipped to defend themselves against most forms of cyberattack..........

Cybersecurity Essentials for Cloud Environments

According to Statista, as of 2022, over 60% of all corporate data is stored in the cloud. This is up from just 30% in 2015. While cloud migration is being embraced by organizations the world over, many companies are struggling when it comes to cloud security, both during transition time and throughout their entire cloud journey...........

Stored XSS Vulnerability in Open edX Platform < Lilac Release-2021-08-02-19.11

SureCloud Cyber identified a stored cross-site scripting (XSS) vulnerability within the Open edX platform < Lilac release-2021-08-02-19.11, a Learning Management System (LMS) used in many large organizations including Microsoft, IBM and several universities............

Pentesting Keycloak Part 1: Identifying Misconfiguration Using Risk Management Tools

Keycloak is an open-source Identity and Access Management (IAM) solution. It allows easy implementation of single sign-on for web applications and APIs...........

Cyber Threat Briefing: How secure is your wearable tech?

It’s no secret that wearable technology, such as smartwatches and fitness trackers, are increasingly becoming a key part of our everyday lives. However, as with any trend, cybercriminals are always hot on the heels and ready to exploit vulnerabilities they find..........

Cyber Threat Briefing: Through The Eyes Of An Advanced Persistent Threat

Today’s threat landscape is more sophisticated than ever before, with every business a potential target. Broadly speaking, these threats come from small, organized individuals or groups that work as opportunists, scanning the internet for vulnerabilities.........

The Changing Compliance Landscape: Preparing for PCI DSS v4.0

Organizations’ compliance programs have had to evolve over recent years to incorporate new ways of working, new technologies, and new changes in the threat landscape. However, the fundamental requirements to achieve and maintain compliance have not..........

Practical Steps to Embedding and Measuring Continuous Compliance

Trying to stay fully compliant today can be like trying to hit a moving target. The regulatory landscape is now evolving at such a rapid pace that many companies find themselves working overtime just to keep up, let alone get ahead of the curve..........

Cyber Threat Briefing: Real-World Cyber Threats

Ransomware attacks have been taking up a large proportion of the news headlines, but that doesn’t mean there haven’t been plenty of other threats and security issues happening in the world.........

DoS Vulnerability in Akka-http <= 10.2.6

SureCloud Cyber identified a denial of service (DoS) vulnerability in Akka-http prior to 10.2.6. An Akka-http application that is exposed to the Internet can be remotely crashed by sending a crafted User-Agent header, leading to a loss of availability..........

Log4j / Log4Shell / CVE-2021-44228

CVE-2021-44228, also known as Log4Shell, is a remote code execution (RCE) vulnerability affecting Apache Log4j version 2, an open-source logging library for Java developed by the Apache Foundation...........

From Professional Footballer to Cybersecurity Consultant

October is Cybersecurity Awareness Month, which is an initiative led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA). This year’s campaign theme, ‘See Yourself in Cyber’, focuses on the “people” aspect of cybersecurity..........

See Yourself in Cyber this Cybersecurity Awareness Month: Interview With Mina Khatun

In the penultimate installment of our special Cybersecurity Awareness Month interviews, we sit down with one of SureCloud’s newest recruits, Mina Khatun. Mina follows in the footsteps of her colleagues, Ciaren Jones and Janhavi Deshpande, in giving us an insight into the people behind cyber risk management...........

Successful Vulnerability Management: The Must-Know Vulnerabilities Your Business Needs to Fix

The Cybersecurity and Infrastructure Security Agency (CISA) in the US recently released its annual top routinely exploited vulnerabilities report. It is co-authored by a number of cybersecurity authorities worldwide and aims to summarize the vulnerabilities having the biggest impact on organizations. ..........

Examining the Follina and Confluence Vulnerabilities: Risks, Remediation, and Vulnerability Management

The Cybersecurity and Infrastructure Security Agency (CISA) in the US recently released its annual top routinely exploited vulnerabilities report. It is co-authored by a number of cybersecurity authorities worldwide and aims to summarize the vulnerabilities having the biggest impact on organizations. ..........

Why Should ISO 27001 Be Central to Your Information Security Strategy?

Consumer data privacy has become a key priority for lawmakers across the globe. As a result, regulators are taking a much firmer stance when it comes to enforcing current policy and fines when our information is put at risk. In response, organizations must also take a firmer stance in devising an effective Compliance management solution..........

Combating E-Commerce Data Skimming With PCI Standard v4.0

It’s been a relatively long time since the Security Standard Council released its last update: The Payment Card Industry Data Security Standard (PCI DSS) v4.0..........

How Can Your Organization Implement Its Own Successful AppSec Program?

Simone Q., Principal Security Consultant, took Nick Hayes, Senior Director of Cyber Solutions at SureCloud, through what AppSec means and how we can ensure app developers address security threats thoroughly in their vulnerability management plans..........

Why Red Teaming Should be an Essential Pillar of your Organization’s Cybersecurity Strategy

The financial and reputational damage caused by a cyberattack can be devastating for governments and organizations. Research from IBM estimates that in 2021 the average cost of a cyberattack to US-based organizations had soared to more than $9 million. As a result, businesses across the globe are investing vast amounts in cybersecurity defense strategies..........

Cyber Threat Briefing: Why Prioritizing Password Management and Good Cyber Hygiene is Key to Reducing Risk

According to the National Cyber Security Centre (NCSC) there were 6.4 million reports of suspicious email activity in 2022, which resulted in 67,300 scam URLs being blocked..........

View from the Experts: Top Cybersecurity Trends your Organization Needs to Watch Out for in 2023 and Beyond

The cybersecurity landscape is more challenging and complex than ever before. The development of intelligent new technologies means threats to organizations are evolving faster and security teams are under constant pressure to adapt to the ever-changing environment..........

Vulnerability Management Program: What Makes it Good and What Does Success Look Like?

Cybercrime isn’t going anywhere, and its impact continues to have devastating consequences for individuals and organizations across the globe. So much so, experts believe the global cost of cybercrime will reach $10.5 trillion annually by 2025..........

PCI DSS v4.0: The Customized Approach

Organizations needing to comply with the Payment Card Industry Data Security Standard (PCI DSS) will already be familiar with the defined approach as, historically, this is how companies demonstrate compliance...........

The Benefits of Combining your ISMS Program with a Penetration Testing Cycle

The NCSC defines penetration testing as “A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary might.”..........

Optimizing PCI DSS Compliance: The Role of INFI in Continuous Compliance Improvement

As the world transitions to PCI DSS v4.0, both enterprises and assessors are adjusting their operational strategies to meet the new requirements. Although the primary focus remains on implementing essential controls, PCI DSS v4.0 introduces a more customized approach..........

How SureCloud Empowers Organizations in Transitioning to PCI DSS Version 4 Compliance

It’s time for your organization to take action and transition to PCI DSS v4.0 Compliance. The Payment Card Industry Data Security Standard (PCI DSS) has recently been updated to version 4.0, introducing significant changes to the standard. Organizations can now choose to be evaluated against the previous version, 3.2.1, or migrate to the new 4.0 version...........

The Vital Role of Incident Response Testing in Organizations’ Security

Do you take your security seriously? In this blog, you’ll learn why incident response testing is vital to your organization’s security strategy. Incident Response is a structured approach organizations take to handle and manage security incidents effectively when they occur. ..........

Cyber Threat Briefing: Russian Hackers, GoDaddy’s Cyberattack, and Reddit’s Open Communication

It’s been a busy first half of the year for the cybersecurity sector. The threat landscape remains increasingly volatile and organizations live in constant fear of becoming the latest victims of a major security breach. In this edition of our Cyber Threat Briefing, our team of experts has picked out three cyberattacks that..........

Key Cyber Moments Of 2022: What Happened And What Have We Learned?

Whether it’s governments, big corporations, or individuals, any organization with an internet connection is a possible target for hackers. As a result, cybercrime has unfortunately become big business and numerous high-profile attacks hit the headlines over the last year. ..........