Certifications

CREST STAR CHECK CYBER ESSENTIALS ISO27001 ISO9001

About Us

Cyberis is an innovative information security consultancy which was formed in 2011. Cyberis' founders have 30 years of experience between them working in the information security industry and are able to call upon a wide range of skills and abilities.

Common TLS/SSL Issues and What They Mean

Encryption implementation issues are, in my experience, some of the most commonly reported findings during penetration tests. Whilst they may not always be quite as scary as seeing "SQL Injection" or "Stored Cross-Site Scripting" in a report, their ubiquity merits some discussion. 

We broadly find the most often encountered issues fall under three categories:

  • Outdated Encryption Protocol Support
  • Certificate Issues
  • Weak Cipher Suites

How are these three categories linked and what do they do to keep my data safe? 

Cyberis becomes CBEST Approved

Cyberis has announced that it is now an approved Penetration Testing provider under the Bank of England (BoE)'s CBEST scheme. CBEST is a framework run by the Bank of England through the industry body CREST that delivers controlled, bespoke, intelligence-led cyber security tests, to increase the resiliency of financial services organisations against cyber attacks. Regulators such as the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA), have integrated the CBEST security assessment framework into their supervisory strategies.

Tags

Domain Hijacking Via Logic Error - Gandi and Route 53 Vulnerability

On 12 February 2021, Cyberis identified a weakness in the domain transfer processes of Gandi which allowed any Nominet registry domain (including .co.uk and org.uk domains) registered with Gandi to be transferred out of the owner’s control and into the control of an arbitrary AWS Route 53 account, without any authorisation being provided by the owner of the domain.  Exploitation of this weakness did not result in the registrant details being modified in the Nominet registry, but once an adversary has taken control of a domain they are likely to be able to satisfy the checks in place that wo