On the 31st of May 2023 a public warning was issued by MOVEit, regarding a critical SQL injection vulnerability found in in their systems. This vulnerability allowed malicious actors to gain access to the database. The flaw, known as CVE-2023-34362, was identified on the 2nd of June, but it had already been exploited four days before the alert. By the end of May, approximately 2,500 instances of MOVEit file transfers were discovered to be exposed online, primarily in the United States.

A disaster recovery plan (DPR) is essentially a roadmap designed to manage the disruptions of an unforeseen incident (such as a data breach or ransomware attack). Many small businesses may not see the value in establishing a disaster recovery plan until it’s too late, leaving their data and their client’s data at severe risk. The likelihood of your business experiencing a cyber-attack is higher than you might think.

Experts from around the globe gathered at the RSA Conference 2023 in San Francisco, and shared what they are predicting to be the 5 most dangerous cyber security threats impacting organisations today. The panel consisted of four respected SANS analyst experts, invited to explore the latest Tactics, Techniques and Procedures (TTP’s) of modern adversaries, and empower organisations with the correct detection and defence advice.

The report informs government policy on cyber security whilst educating organisations on current threats, and how they can best protect themselves from attacks. This year’s report explores the policies, processes and approaches of modern cyber security, alongside the different cyber attacks and crimes that businesses, charities and educational institutions are facing.

Not long after impressing Microsoft 365 customers with the recent Microsoft 365 Copilot announcement, Microsoft have launched another AI-powered Copilot product. This time with a whole new set of possibilities – introducing Microsoft Security Copilot.

It seems that Chatbots are now embedded into every digital solution at our disposal, but despite the simplicity and ease this tool provides, cyber security concerns have been raised over the AI’s ability to spread misinformation, aid hackers in developing malware and even present sensitive data leak threats.

This month, the NCSC and its Cyber Essentials delivery partner IASME will update the technical requirements for the 2023 Cyber Essentials scheme. These changes come as part of a regular review of the scheme’s technical controls, ensuring that it continues to help UK organisations guard against the most common cyber threats. Changes come into play on 24th April 2023, and as stated on their website, these modifications will cover a variety of key areas.

IBM have just released their coveted X-Force Threat Intelligence Index 2023 report, tracking new, existing and evolving threat insights, discovered over the last year. This in-depth, 58-page report explores threat actor’s exploitation of the after-effects of a global pandemic, and the turmoil caused by conflict between Russia and Ukraine, as IBM states “creating exactly the kind of chaos in which cybercriminals thrive. And thrive they did.”.

Initially we wanted to spend some time writing a piece about the upcoming Windows 10 EOL and soon-to-be forced, MFA number matching. But instead, we decided to get ChatGPT to do it for us – so we asked it two questions.

As Christmas approaches, many of you will be winding down and preparing for the festivities – unfortunately, cyber criminals notoriously take advantage of the holiday season, coercing their way into our digital spaces and cashing in on the season of giving. With this in mind, here are our cloud and security experts 12 top-tips, to ensure that your business and workforce, stay one step ahead of the hackers.