Blog
Blog
Proactive Approach to Incident Response. Part 2 – Cross-train your teams
In the previous article, we wrote about the importance of the Incident Response plan for organisations' OT infrastructure and legal obligations. Proactive IT/OT Cybersecurity Incident Response (IR) should be made up of a balance of prevention, detection, and...
Small Business Cyber Resilience Improvement Guide. Part III – Protecting your organisation from Malware
Part 3 - Protecting your organisation from Malware Malware is an abbreviation from ‘malicious software’ and is used to describe any software or web content that can cause harm to your organisation. Here are six tips to help you protect yourself from the...
Proactive Approach to Incident Response. Part 1 – Introduction
OT infrastructure attacks Cyber-attacks on Operational Technology infrastructure are becoming more frequent and more sophisticated in recent years. Just to refresh our memory here is a very short list of the most well publicised attacks of the recent past:...
Small Business Cyber Resilience Improvement Guide. Part II – Backing up …
Part 2 - Backing up your data Data is the backbone of any business – customer details, quotes, orders, payment details are only the most obvious kind of data that a business depends upon. And as you are aware there is so much more to the kind of information...
Small Business Cyber Resilience Improvement Guide. Part I – Introduction
Introduction With the recent increase in ransomware attacks around the world the question shifts from "If we will get hacked" to "When will we get hacked". It applies to all of us who use a computer, a mobile phone or one of the many electronic devices. The...
Let’s face it – Smart Buildings are insecure …
… but that can be fixed! A glimpse of an eye at downtown in any of major cities in Poland is enough to say that we can be proud of most recent commercial real estate developments. Office buildings became more ergonomic and tenant friendly, ongoing technology...
Multiple vulnerabilities in GameLoop – remote code execution, privilege escalation
Gameloop is an Android emulator released by Tencent. During our tests, we have identified multiple vulnerabilities which can lead to code execution and privilege escalation inside the guest operating system. CVEID: CVE-2020-29008 Name of the affected...
CVE-2020-29007 – remote code execution in Mediawiki Score
Score is a Mediawiki extension which generates musical notation based on user-provided Lilypond or ABC markup. During our tests, we have determined it is vulnerable to remote code execution through Scheme code embedded in Lilypond markup. CVEID:...
ReVoLTE – an attack exploiting the reuse of the same keystream by vulnerable base stations
A group of academics from Ruhr University Bochum and New York University Abu Dhabi have presented a new attack called 'ReVoLTE', that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls. The crux of the...
Cyber Kill Chain – what is it and how to use it to stop advanced methods of attack?
Recently the number of cyberattacks has increased year on year. It is also estimated that the number of attacks conducted with the use of ransomware increases by 350%¹ each year. Additionally, the Covid19 pandemic has caused an increase in the number of...