Best Antivirus Software. Are You Sure?

If only it were as simple as saying that the popular ‘XYZ’ antivirus (AV) software solution is the best antivirus software and outperforms all the rest. But, unfortunately, sometimes marketing can be deceiving. As expected, popularity and quality do not go hand in hand with most AVs. As a result, there has been poor progress in AV […]

4 Business Questions About IoT Devices

Are your IoT devices secure? Internet of things (IoT) devices have seen year-on-year increases in business and personal use because they are usually convenient and easy to use. IoT devices are used for various purposes, from making smart homes to implementing a business’s security system. As with all internet connected […]

4 Simple Security Testing KPIs

Cyber security is a journey and not just a destination. In the ever-changing security landscape, regular testing and mitigation are required. To prevent testing efforts from feeling like a sinkhole on time and funding, mechanisms can be used to track the output of testing to show progress and motivate internal teams to improve their practices. […]

Vulnerability Scanning and Penetration Testing – Know the Difference

There are a variety of different ways to assess the security integrity of the systems that process, store, or transmit your information assets. But I find it odd that this far down the cyber security road, a lot of businesses still don’t understand the basic difference between Vulnerability Scanning and Penetration Testing. I know it […]

Top 5 Signs of Social Engineering Attacks

Can social engineering attacks be detected? Social engineering attacks usually have signs that can be spotted if you know what they are. However, since there are different types of social engineering attacks, it can be harder to know when to look for them. In short, any time information is exchanged in some form of communication, […]

Top 8 Metrics to Collect During Red Team Testing

Why should we collect metrics in a red team test? Metrics are a valuable way of measuring changes and improvements over time. A red team test is conducted to assess the controls and lack of controls in place to stop an attacker achieving certain goals. By using metrics during red team testing, you can observe […]

What to Include in Your Security Testing Supplier’s Agreement

A successful penetration test requires good preparation with an airtight service-level contract between the customer and a supplier that helps both to achieve the ultimate goal: security. Listed in this post are some important items to include in the contract. These are by no means a full and comprehensive list but should serve to help […]

Top Security Breaches that have Zoomed into 2020 Thus Far

We have all seen how fast things can change in 2020, but the one thing that has not changed is the number of security breaches. In fact, the coronavirus increased the security threat landscape. One reason for this increase is that the working from home (WFH) environment created more vulnerabilities and avenues for attacks. […]

File Manager Plugin in WordPress Contains a Remote Code Execution Vulnerability

WordPress’ popular plugin File Manager (versions 6.0-6.8) contains a vulnerability that allows an attacker to upload files and execute commands. Indicators of compromise include filenames such as “hardfork.php”, “hardfind.php” and “x.php”. The root of this problem is connector.minimal.php, which is due to a recent name change and executes directly — allowing the upload of malicious […]

The Importance of Minimising Attack Surface

With every security test I have done, there has been at least one attack surface that can vary in their level of security. These can be viewed as the number of accessible machines and applications within them. As a result, the number of attack surfaces is not the only security measure to be implemented but […]

Risk Crew