We’re proud to announce this new service. Risk Crew, the elite group of information security governance, risk & compliance experts, and the forerunners in the design & delivery of innovative & effective solutions, is proud to announce an addition to the GRC portfolio of services: SOC 2! What is SOC 2? SOC 2 is a […]
A successful Bluetooth Low Energy Spoofing Attack (BLESA) allows threat actors to connect with a device (by getting around reconnection authentication requirements) and send spoofed data to the device. The attack starts with malicious packets fooling the device into behaving abnormally and attackers manipulating the device to feed it misleading information. The vulnerability affects Linux, Android, […]
A successful penetration test requires good preparation with an airtight service-level contract between the customer and a supplier that helps both to achieve the ultimate goal: security. Listed in this post are some important items to include in the contract. These are by no means a full and comprehensive list but should serve to help […]
What is cyber security after COVID-19? We have now passed the stage of emergency policies and procedures being implemented and new technology being procured outside a normal tender, and we have determined which of our business tasks cannot be performed remotely since they require strict supervision. There were a few hiccups, lessons learned, but we are there […]
We have all seen how fast things can change in 2020, but the one thing that has not changed is the number of security breaches. In fact, the coronavirus increased the security threat landscape. One reason for this increase is that the working from home (WFH) environment created more vulnerabilities and avenues for attacks. […]
WordPress’ popular plugin File Manager (versions 6.0-6.8) contains a vulnerability that allows an attacker to upload files and execute commands. Indicators of compromise include filenames such as “hardfork.php”, “hardfind.php” and “x.php”. The root of this problem is connector.minimal.php, which is due to a recent name change and executes directly — allowing the upload of malicious […]
With every security test Risk Crew has performed, there has been at least one attack surface that can vary in its level of security. These can be viewed as the number of accessible machines and applications within them. As a result, the number of attack surfaces is not the only security measure to be implemented […]