Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Ahead of the curve: Proactively managing third-party risks

According to a Gartner report, 60% of organizations will rely on third-party vendors for more than half of their critical business operations by 2025. However, Gartner also warns that third-party risk events – such as data breaches or compliance violations – will increase by 30% in the same timeframe. As a technology leader, these figures resonate deeply with the challenges I see organizations facing daily.

Cyber Essentials NHS and Healthcare Organisations

Cyber Essentials scheme is a UK government-backed initiative designed to help organisations, large or small, shield themselves from common cyber threats. It outlines a straightforward set of technical security controls that, when appropriately implemented, can reduce an organisation’s attack surface. This is particularly vital for NHS and healthcare organisations. They handle NHS data that needs robust protection.

Detecting and mitigating CVE-2024-12084: rsync remote code execution

On Tuesday, January 14, 2025, a set of vulnerabilities were announced that affect the “rsync” utility. Rsync allows files and directories to be flexibly transferred locally and remotely. It is often used for deployments and backup purposes. In total, 6 vulnerabilities were announced to the OSS Security mailing list. The most severe vulnerability, CVE-2024-12084, may result in remote code execution. This post will cover how to detect and mitigate CVE-2024-12084.

NCSC Cyber Assessment Framework (CAF)

Cyber incidents can result in catastrophic consequences. Cyber risks faced by public sector organisations need a plan. NCSC developed the cyber assessment framework (CAF) to help organisations achieve and demonstrate cyber resilience, specifically in, specifically by identifying the important functions at risk of disruption due to cyber incidents.

CMMC Auditor vs Assessor (CCA): How the Two Compare

The full compliance process for CMMC, the Cybersecurity Maturity Model Certification, culminates in an audit that validates an organization’s cybersecurity posture and its implementation of the security controls that apply to it. Throughout this process, there is a gatekeeper who performs your audit. You may have heard of them referred to as a CMMC Auditor or a CMMC Assessor. With these two terms in play, you may be wondering what the difference is between them.

How to Lock Your Social Security Number Safely

Identity thieves will do anything to get your Social Security Number (SSN). It's a very important piece of personal information. Locking your SSN is a proactive way to protect your name and money from fraud. The Federal Trade Commission (FTC) says that over 1.4 million Americans were victims of identity theft in 2022. Many of these crimes involved stolen Social Security numbers. To lower these risks, you need to learn how to safely lock your Social Security Number.

Time Out for TikTok: An exploration of the risks presented by the US TikTok ban

On 13 March 2024, the US House of Representatives approved a bill which demands that the China-based ByteDance divests the popular social media platform TikTok, effectively banning it in the country. The measure was passed with a 352 to 65 vote after being introduced on 5 March 2024 by Republican Mike Gallagher and Democrat Raja Krishnamoorthi.

ConVErsations: Criminal Discussion of Vulnerabilities and Exploits

Defenders often discuss security vulnerabilities on GitHub, Stack overflow, X (formerly Twitter), and other platforms to share knowledge of these threats and ensure users know when patches are available. Cybercriminals have a similar process, choosing to share vulnerability news, exploit code, and engage in technical discussions on cybercriminal forums. However, in contrast to defenders, these threat actors share this knowledge for the purpose finding unpatched systems and exploiting them.

EP 69 - Cloudy with a 100% Chance of Secrets: Decoding Secrets Management in the Cloud

In this episode of the Trust Issues podcast, host David Puner dives into the complexities of secrets management with Ritesh Desai, General Manager at AWS Secrets Manager. They discuss the evolving landscape of secrets management, emphasizing the importance of a multi-layered defense strategy as organizations increasingly adopt cloud services, digital transformation and agile development practices.

Enhance Your Security Posture with Microsoft Azure Native Tools and Tanium

When it comes to securing your business, visibility into your company’s devices is key. As we so often say, you can’t protect what you can’t see. What’s more, visibility into your devices needs to be accurate and current – your IT security and operations teams can’t protect your environment if they’re working from data that’s hours (or days or weeks) old.