There is some confusion surrounding Cyber Essentials; what it is, why people need it and often there is a misinterpretation that Certifying Bodies are responsible for the schemes rules. Cyber Essentials is a relatively new certification. It has been mandated since October 2014 for UK government suppliers, although it is not limited to them, non-government organisations are encouraged to seek to obtain the certification.
There's no such thing as infallible security, and preventing every single security breach is impossible.
But when a breach does happen, the steps an organization takes next will largely determine the damage they suffer, and how the business recovers. A security team's first reaction is often to move to eject the attackers. But is that always the right strategy? Especially when it comes to advanced threats, there is a case for biding your time, and gathering intelligence.
In 2012, HM Government launched the 10 Steps to Cyber Security in an effort to make clear that risks to information should be taken as seriously as financial, regulatory, legal or operational risk. The 10 steps to Cyber Security programme provided guidance on how an organisation might approach the task of making security an integral part of their business.
Over the last 12 months, ransomware has rapidly become one of the most prevalent information security threats to a vast number of organisations of any size, as well as the individual consumer. It is a highly lucrative opportunity for criminals and is claiming a growing list of victims. Indeed, at Cyberis, we have experienced a significant upward trend in incident response services and requests for our advice due to ransomware events.
Another version of PCI DSS was released by the PCI Security Standards Council on 28 April 2016 - PCI DSS v3.2. The SSC comments that the industry should expect more incremental revisions in the future, to address the changing threat and payment landscape.
The news that Dell has been bundling a Trusted Certificate Authority to customers of brand new computers has been widely reported in the last few days. If you have not yet caught up with the news, essentially a Dell CA has been bundled with software installed on a new machine, which unfortunately also contains the corresponding private key. This means that anyone who has this private key, which is available to anyone with access to a new Dell computer, can sign any certificate.
You may have already seen reference to the OpenSSL 'Heartbleed' vulnerability which was published this week (http://heartbleed.com/).
If you have not yet seen this advisory, this is a very serious vulnerability in OpenSSL version 1.0.1 through 1.0.1f inclusive, and when exploited this bug allows a connecting attacker to retrieve sensitive memory contents from affected servers.
Further to our article on Password Audit of a Domain Controller, we've discovered a couple of short-cuts that greatly simplify the process.
Using the same underlying technique (Volume Shadow Service), there is an in-built command (Windows 2008 and later) that does a backup of the crucial NTDS.dit file, and the SYSTEM file (containing the key required to extract the password hashes), without the need to use VB Script, third-party tools or injecting into running processes.
Recently Cyberis has reviewed a number of next-generation firewalls and content inspection devices - a subset of the test cases we formed related to compression bombs - specifically delivered over HTTP. The research prompted us to take another look at how modern browsers handle such content given that the vulnerability (or perhaps more accurately, ‘common weakness’ - http://cwe.mitre.org/data/definitions/409.html) has been reported and well known for over ten years.
Egresser is a tool to enumerate outbound firewall rules, designed for penetration testers to assess whether egress filtering is adequate from within a corporate network. Probing each TCP port in turn, the Egresser server will respond with the client’s source IP address and port, allowing the client to determine whether or not the outbound port is permitted (both on IPv4 and IPv6) and to assess whether NAT traversal is likely to be taking place.