Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2021

Social Engineering: The Art of Human Hacking

In the beginning, social engineering was an art of social science, used to change people’s behaviour and make changes in society. It looks at a lot of groups, including government, media, academia and industries. Nevertheless, with the development of technology and people’s concerns about security, social engineering has started to be used by cyber criminals to trick humans with deceptive techniques or information that disguises their intentions.

How to prevent OWASP API Top 10 security vulnerabilities? API attack prevention

+ Broken object level authorization
+ Broken user authentication
+ Excessive data exposure
+ Lack of resources and rate limiting
+ Broken function level authorization
+ Mass assignment
+ Security misconfiguration
+ Injection
+ Improper assets management
+ Insufficient logging and monitoring

Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.

Red teaming vs pentesting - What is the difference and impact on your cyber security strategy

Learn about:
+ What is Red Teaming?
+ Business Benefits of Red Teaming
+ Red Teaming Methodology
+ Common Terms & Acronyms
+ What is Penetration Testing?
+ Business Benefits of Penetration Testing
+ Pentesting Methodology
+ When should you consider a red team assessment?
+ When you are asking for a ‘red team’ and don’t need one.
+ When you are asking for a ‘pen test’ and don’t need one.

What is cyber security architecture? Elements, purpose and benefits

The principles of cyber security architecture are indeed similar to IT architecture. Networks are only going to expand, technology is going to evolve, and one constant question on every organisation’s mind is “How to ensure the protection of our assets?”. This concern is further heightened in companies whose services are mainly digitised, accounting for over 60% of UK businesses.

How often should you perform vulnerability scanning? Best practices shared

To understand how often vulnerability scanning should be performed, it’s important to delve into the drivers behind this objective. Vulnerability management includes the treatment of risks identified during the vulnerability assessments. This is a vital element of the risk management regime for any organisation. Without making informed choices around risk appetite, an organisation may not get the best out of a vulnerability management programme.

Insider Threats in Cyber Security : Types, Examples and Detection Indicators

Learn about insider threats that are amongst the top security threats to organisations.
+ What are insider threats in cyber security?
+ What types of insider threats are there?
+ What are the famous examples of insider threats?
+ What are the consequences of such threats?
+ How can insider threats be detected?
+ How to address insider threats?

OWASP Top 10 API security vulnerabilities | API security risks

The OWASP API Security Top 10 is an API security project that focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). Through community-led projects globally, it is a great source of tools, resources, education and training for developers and technologists to secure web and mobile applications. This community has also produced some of the best testing guides, cheat sheets, methodologies and a lot of community work for which all of us are grateful.

What is the Principle of Least Privilege?

Here is a simple illustration of how the principle of least privilege works. Remember when you installed WhatsApp? You most likely got a prompt asking you to click “Allow” so the app could access your media, run in the background, or manage contacts. In that instance, you were extending privileged access to the application, so it runs effectively for you.

Everything you need to know about vulnerability scanning

High-risk vulnerabilities pop up every other week, there is no such dream as ‘patch everything’, and configuration changes slowly add up to weaken your infrastructure security. Vulnerability management and scanning are core components of a solid cyber security strategy, ensuring a sound risk management process. Vulnerability management helps an organisation keep an eye on its assets, from both an asset management and an operational security perspective.

Why is cyber security important?

Businesses not taking cyber security seriously are underestimating how important it is for growth. Cyber security covers all aspects of protecting our sensitive data held in various forms, such as personally identifiable information (PII), health records, intellectual property, industrial systems, critical infrastructure, and government and military information.

Basic principles of Information Security | CIA triad (Confidentiality, Integrity, availability)

Learn about the 3 principles of information security and the difference between information and cyber security. The three core principles of information security are called the CIA triad (confidentiality, integrity and availability).

What is Cyber Kill Chain?

The Cyber Kill Chain, also called CKC, is a phase-based cybersecurity model developed by Lockheed Martin. It is co-opted from the military term ‘kill-chain’, used to break down the structure of an attack. The team developed the model to help security teams understand an externally originated attack by breaking it down into seven different steps. It helps teams learn how cyber attacks work and prepare the defensive controls of an organisation.