Defense
This is not meant to be an essay, but simply a rapid-fire view of things that I see that are major challenges with digital security in today’s age. So, without any further delay let us hit it:
Read more “5 Major Challenges with Business Digital Security”
Defense
This is an area that I think some might be interested in. I have worked with orgs of all shapes and sizes and one central area I find people struggle with is change management. I am not talking about organisational change management (that is another) but I am talking about the change of information systems or security controls.
Now you might be familiar with ITILv3/2011 and the PROCESS of change management or you might be in the new practise world of ITIL4 where it is called change enablement, or you might have no idea what I am rabbiting on about. That is ok that is why we are here!
The purpose of change management is (according to ITIL) to help minimise the risk of change for IT services.
Read more “Change Management 101”
Defense
At the heart of most organisations are a Windows server active directory domain (or multiple of these), yet one of the most common findings when we review organisations security postures are there are significant weaknesses in their active directory deployments, both from an architectural, operational and security perspectives.
Active directory provides a range of functionality to organisations, from authentication, authorisation as well as supporting services such as printer and share listing, DNS, people/information lookups and integration for 3rd party services. It’s the very hub that links most modern networked systems together and now it’s expanded beyond the corporate walls into the cloud with integration into Azure Directory Services as part of Azure or Office 365.
Essentially Active Directory can be considered a castle whereby crown jewels are held! This may be in the form of credentials/identity or by nature of granting access to business systems that hold sensitive data (such as using AD integration to log into an HR or Finance system). Read more “Active Directory Security: Securing the crown jewels with PingCastle 2.8.0.0”
Threat Intel
Welcome to the first instalment of threat week, the concept of threat week is to provide regular updates on threats, vulnerabilities, security news to provide you with a service that cuts through the noise and enables you to improve the security of your organisation.
To give people an idea of the content we will be producing we’ve published the following below. The concept is to tailor the content to your specific organisation as we’ve been doing with our customers. To start this process, after your subscribe one of the team will be in touch to discuss your specific requirements.
Vmware releases patches for ESXi, Fusion and Workstation to remove data leakage vulnerabilities!
https://www.vmware.com/uk/security/advisories/VMSA-2018-0016.html
Hackers are targeting CISCO CVE-2018-0296
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd
Threat Trend – Ransomware declines whilst Crypto mining malware becomes king of the hill for attackers
http://www.newsweek.com/crypto-mining-malware-outbreak-infected-500000-computers-single-day-836145
Ticketmaster breach – Most of you will be aware that Ticketmaster was involved in a cyber incident. The NCSC has published guidance for customers who suspect their account have been compromised.
https://www.ncsc.gov.uk/guidance/ncsc-advice-ticketmaster-customers