Blog

Recent Blog Posts

image

FluidOne and its Cyber Security Associates division (CSA) acquire SureCloud Cyber Services

FluidOne, the market-leading provider of Connected Cloud Solutions, announced today that its cyber division Cyber Security Associates (CSA) has acquired SureCloud Cyber Services, a UK-based company with expertise in CREST and NCSC CHECK certified penetration testing and specialist cyber risk consulting........

image

Cyber Threat Briefing: Implementing Ransomware Controls

In recent months ransomware attacks have undoubtedly picked up pace as well as impact. There have been high-profile incidents such as those on the Irish Health Service Executive (HSE), JBS Foods and IT management software firm, Kaseya.......

image

Cyber Threat Briefing: Cloud Security

In recent years, businesses across various sectors have been migrating operational services to the cloud, leveraging the flexibility this brings – a trend that was accelerated by the pandemic but is showing no sign of slowing down. Gartner predicts that by 2025, 85% of enterprises will adopt a cloud-first computing approach, compared to just 20% in 2020........

image

Cyber Threat Briefing: Defending Against Ransomware

The past eighteen months have been tumultuous to say the least. As well as struggling with the fallout from a global pandemic, we’ve also seen some of the most devastating cyberattacks on record; from the now infamous SolarWinds breach, which impacted organizations as large as Cisco,.......

image

Common PCI DSS Mistakes

When it comes to the Payment Card Industry Data Security Standard (PCI DSS), there are common mistakes that every QSA or ISA sees, regardless of sector and organization size.

Addressing the following five points within your organization will go a long way in eliminating that frantic scramble in the month before an audit, where everyone is feverishly........

image

Time To Update your Video Conference Software

We exploit the vulnerabilities in devices and software (via means such as authentication bypass) to educate businesses on where weaknesses in their cybersecurity plans might exist. With this information, businesses can confidently invest in IT risk management software and adopt best practices that keep them covered.........

image

Cyber Essentials Evendine Question Set

IASME is bringing in a new question set and marking scheme for 2022. These changes will affect both Cyber Essentials and Cyber Essentials PLUS. If you begin an assessment on or after 24th January 2022, it will be marked against the Evendine scheme..........

image

PwnKit / CVE-2021-4034 – Local Privilege Escalation in pkexec

PwnKit, discovered by the Qualys Research Team, is a local privilege escalation vulnerability affecting a widespread Linux component, Polkit’s pkexec.Polkit’s pkexec is a tool originally intended to control the running of privileged processes..........

image

Cybersecurity Maturity Model Certification (CMMC): What, How, When and Why?

For almost two years now, the US Department of Defense (DOD) has been reviewing a process designed to ensure defense contracts meet very specific cybersecurity standards when it comes to handling unclassified information. Known as the Cybersecurity Maturity Model Certification (CMMC).........

image

Cyber Threat Briefing: An Organization’s Susceptibility to Supply Chain Attacks

In a new report published by the World Economic Forum, entitled Global Cybersecurity Outlook 2022, more than 40% of CISOs said their business had been negatively impacted by a supply chain breach in the past year.........

image

Everything You Need To Know About CMMC 2.0

In a recent online briefing, SureCloud’s Risk Advisory Senior Director, Craig Moores, sat down with Senior Consultant Tom Hodgkins to discuss the ‘what’, ‘how’, ‘when’ and ‘why’ of Cybersecurity Maturity Model Certification (CMMC) 1.0.........

image

Enterprise Architecture and Its Role Against Security Threats

Last year, Gartner forecast that worldwide spending on security and risk management would soon exceed $150 billion, a year-on-year increase of more than 12%. A great deal of this increased focus on security spending is down to the emerging challenges organizations are now facing.........

image

PCI DSS v4.0 – Where are we now?

Payment Card Industry Data Security Standard (PCI DSS) is a regulatory requirement for any organization that accepts payment card transactions. It’s a governing standard designed to reduce payment card fraud by increasing controls..........

image

Cyber Threat Briefing: Assessing the Russian Cyber Threat Landscape

For some years now, geopolitical conflicts have been as much about bits and bytes as they have boots and bullets. The digital landscape has become a battleground in its own right, with state-sponsored cyberattacks becoming increasingly common. ..........

image

How Can Your Organization Stay Safe in the Age of Cyber Warfare?

The past decade has seen more than 500 large-scale, state-sponsored cyberattacks, and those are just the ones that have been publicly documented. Geopolitical friction..........

image

What is the Strengthening American Cybersecurity Act and what do I need to know?

Since the Biden administration took office in the US, cybersecurity has been a top government priority. Major cyber attacks such as the SolarWinds and Colonial Pipeline incidents have accelerated the need for better security intelligence and greater cyber resilience. .........

image

Key findings from the DCMS Cyber Security Breaches Survey 2022

The UK government’s Department for Digital, Culture, Media and Sport (DCMS) has released its 2022 Cyber Security Breaches Survey. It offers an in-depth analysis of the current cyber threat landscape, including the types of threats that businesses are being exposed to and how resilient .........

image

Every Business is a Target

Despite ransomware incidents continuing to dominate the cyber-related headlines, there seems to be a misconception among smaller and medium-sized businesses that it’s something only large corporations need to be concerned about. In fact, there are a surprising number of statistics that suggest SMEs are not adequately equipped to defend themselves against most forms of cyberattack..........

image

Cybersecurity Essentials for Cloud Environments

According to Statista, as of 2022, over 60% of all corporate data is stored in the cloud. This is up from just 30% in 2015. While cloud migration is being embraced by organizations the world over, many companies are struggling when it comes to cloud security, both during transition time and throughout their entire cloud journey...........

image

Stored XSS Vulnerability in Open edX Platform < Lilac Release-2021-08-02-19.11

SureCloud Cyber identified a stored cross-site scripting vulnerability (XSS) within the Open edX platform < Lilac release-2021-08-02-19.11; a Learning Management System (LMS) used in many large organizations including Microsoft, IBM and several universities............

image

Pentesting Keycloak Part 1: Identifying Misconfiguration Using Risk Management Tools

Keycloak is an open-source Identity and Access Management (IAM) solution. It allows easy implementation of single sign-on for web applications and APIs...........

image

Cyber Threat Briefing: How secure is your wearable tech?

It’s no secret that wearable technology, such as smartwatches and fitness trackers, are increasingly becoming a key part of our everyday lives. However, as with any trend, cybercriminals are always hot on the heels and ready to exploit vulnerabilities they find..........

image

Cyber Threat Briefing: Through The Eyes Of An Advanced Persistent Threat

Today’s threat landscape is more sophisticated than ever before, with every business a potential target. Broadly speaking, these threats come from small, organized individuals or groups that work as opportunists, scanning the internet for vulnerabilities.........

image

The Changing Compliance Landscape: Preparing for PCI DSS v4.0

Organizations’ compliance programs have had to evolve over recent years to incorporate new ways of working, new technologies, and new changes in the threat landscape. However, the fundamental requirements to achieve and maintain compliance have not..........

image

Practical Steps to Embedding and Measuring Continuous Compliance

Trying to stay fully compliant today can be like trying to hit a moving target. The regulatory landscape is now evolving at such a rapid pace that many companies find themselves working overtime just to keep up, let alone get ahead of the curve..........

image

Cyber Threat Briefing: Real-World Cyber Threats

Ransomware attacks have been taking up a large proportion of the news headlines, but that doesn’t mean there haven’t been plenty of other threats and security issues happening in the world.........

image

DoS Vulnerability in Akka-http <= 10.2.6

SureCloud Cyber identified a denial of service (DoS) vulnerability in Akka-http prior to 10.2.6. An Akka-http application that is exposed to the Internet can be remotely crashed by sending a crafter User-Agent header leading to a loss of availability..........

image

Log4j / Log4Shell / CVE-2021-44228

CVE-2021-44228, also known as Log4Shell, is a remote code execution (RCE) vulnerability affecting Apache Log4j version 2, an open-source logging library for Java developed by the Apache Foundation...........

image

From Professional Footballer to Cybersecurity Consultant

October is Cybersecurity Awareness Month, which is an initiative led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA). This year’s campaign theme, ‘See Yourself in Cyber’, focuses on the “people” aspect of cybersecurity..........

image

See Yourself in Cyber this Cybersecurity Awareness Month: Interview With Mina Khatun

In the penultimate installment of our special Cybersecurity Awareness Month interviews, we sit down with one of SureCloud’s newest recruits, Mina Khatun. Mina follows in the footsteps of her colleagues, Ciaren Jones and Janhavi Deshpande, in giving us an insight into the people behind cyber risk management...........

image

Successful Vulnerability Management: The Must-Know Vulnerabilities Your Business Needs to Fix

The Cybersecurity and Infrastructure Security Agency (CISA) in the US recently released its annual top routinely exploited vulnerabilities report. It is co-authored by a number of cybersecurity authorities worldwide and aims to summarize the vulnerabilities having the biggest impact on organizations. ..........

image

Examining the Follina and Confluence Vulnerabilities: Risks, Remediation, and Vulnerability Management

The Cybersecurity and Infrastructure Security Agency (CISA) in the US recently released its annual top routinely exploited vulnerabilities report. It is co-authored by a number of cybersecurity authorities worldwide and aims to summarize the vulnerabilities having the biggest impact on organizations. ..........

image

Why Should ISO 27001 Be Central to Your Information Security Strategy?

Consumer data privacy has become a key priority for lawmakers across the globe. As a result, regulators are taking a much firmer stance when it comes to enforcing current policy and fines when our information is put at risk. In response, organizations must also take a firmer stance in devising an effective Compliance management solution..........

image

Combating E-Commerce Data Skimming With PCI Standard v4.0

It’s been a relatively long time since the Security Standard Council released its last update: The Payment Card Industry Data Security Standard (PCI DSS) v4.0..........

image

How Can Your Organization Implement Its Own Successful AppSec Program?

Simone Q., Principal Security Consultant, took Nick Hayes, Senior Director of Cyber Solutions at SureCloud, through what AppSec means and how we can ensure app developers address security threats thoroughly in their vulnerability management plans..........

image

Why Red Teaming Should be an Essential Pillar of your Organization’s Cybersecurity Strategy

The financial and reputational damage caused by a cyberattack can be devastating for governments and organizations. Research from IBM estimates that in 2021 the average cost of a cyberattack to US-based organizations had soared to more than $9 million. As a result, businesses across the globe are investing vast amounts in cybersecurity defense strategies..........

image

Cyber Threat Briefing: Why Prioritizing Password Management and Good Cyber Hygiene is Key to Reducing Risk

According to the National Cyber Security Centre (NCSC) there were 6.4 million reports of suspicious email activity in 2022, which resulted in 67,300 scam URLs being blocked..........

image

View from the Experts: Top Cybersecurity Trends your Organization Needs to Watch Out for in 2023 and Beyond

The cybersecurity landscape is more challenging and complex than ever before. The development of intelligent new technologies means threats to organizations are evolving faster and security teams are under constant pressure to adapt to the ever-changing environment..........

image

Vulnerability Management Program: What Makes it Good and What Does Success Look Like?

Cybercrime isn’t going anywhere, and its impact continues to have devastating consequences for individuals and organizations across the globe. So much so, experts believe the global cost of cybercrime will reach $10.5 trillion annually by 2025..........

image

PCI DSS v4.0: The Customized Approach

Organizations needing to comply with the Payment Card Industry Data Security Standard (PCI DSS) will already be familiar with the defined approach as, historically, this is how companies demonstrate compliance...........

image

The Benefits of Combining your ISMS Program with a Penetration Testing Cycle

The NCSC defines penetration testing as “A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary might.”..........

image

Optimizing PCI DSS Compliance: The Role of INFI in Continuous Compliance Improvement

As the world transitions to PCI DSS v4.0, both enterprises and assessors are adjusting their operational strategies to meet the new requirements. Although the primary focus remains on implementing essential controls, PCI DSS v4.0 introduces a more customized approach..........

image

How SureCloud Empowers Organizations in Transitioning to PCI DSS Version 4 Compliance

It’s time for your organization to take action and transition to PCI DSS v4.0 Compliance. The Payment Card Industry Data Security Standard (PCI DSS) has recently been updated to version 4.0, introducing significant changes to the standard. Organizations can now choose to be evaluated against the previous version, 3.2.1, or migrate to the new 4.0 version...........

image

The Vital Role of Incident Response Testing in Organizations’ Security

Do you take your security seriously? In this blog, you’ll learn why incident response testing is vital to your organization’s security strategy. Incident Response is a structured approach organizations take to handle and manage security incidents effectively when they occur. ..........

image

Cyber Threat Briefing: Russian Hackers, GoDaddy’s Cyberattack, and Reddit’s Open Communication

It’s been a busy first half of the year for the cybersecurity sector. The threat landscape remains increasingly volatile and organizations live in constant fear of becoming the latest victims of a major security breach. In this edition of our Cyber Threat Briefing, our team of experts has picked out three cyberattacks that..........

image

Key Cyber Moments Of 2022: What Happened And What Have We Learned?

Whether it’s governments, big corporations, or individuals, any organization with an internet connection is a possible target for hackers. As a result, cybercrime has unfortunately become big business and numerous high-profile attacks hit the headlines over the last year. ..........