Navigating the Treacherous Landscape of Security Risks In today’s fast-paced digital world, the adoption of cloud services has become a necessity rather than a luxury for businesses and individuals alike. The convenience and scalability that cloud computing offers are hard to match by traditional on-premises IT infrastructure. However, with great power comes great responsibility – […]
Understanding SAMA’s Cyber Security Framework Due to the increasing ubiquity of cyber-attacks, the financial sector of Saudi Arabia has realised the need to strengthen its defences or risk untold losses. As a result, the Saudi Arabian Monetary Authority set about creating the SAMA Cyber Security Framework. This guide will walk you through what the framework […]
What is DORA? The Digital Operational Resilience Act (DORA) is an EU regulation that was enacted on 16 January 2023 and will apply as of 17 January 2025. This act aims at strengthening the Information and Communication Technology (ICT) security with financial entities. DORA harmonises the rules on digital operational resilience for the financial sector, […]
AI in Simple Terms At its core, AI is simply software that can ‘think’, ‘learn’, and ‘make’ decisions – somewhat like we humans do. AI systems aren’t programmed in the traditional way – but instead, and to an extent, program themselves. Generative AI is a specific type of AI that can generate content that didn’t […]
EU Cyber Resilience Act The Cyber Resilience Act (CRA) exists to bolster cyber security for the EU. But it has not been without controversy. Many open-source organisations have criticised the act for creating ‘a chilling effect on open-source development.’ The proposal spells out defence and resilience on several fronts. One is to protect consumers […]
Risk Rating: CRITICAL CVSS Score: 9.8 Vulnerability Type: Remote Code Execution (RCE) CVE Identifier: CVE-2023-50164 Exploitation Status: Actively exploited. Affected Version: Struts 2.0.0-2.3.37(EOL), 6.0.0-6.3.0.1, 2.0.0-2.5.32. Link: Apache.org Introduction Recently discovered, CVE-2023-50164 reveals a critical flaw in Apache Struts that could allow hackers to execute code remotely by manipulating file upload settings. Actively exploited, this poses an […]
You know that feeling when you walk into an office, and it looks like a hurricane just blew through? Papers litter the area, sticky notes cling to computer monitors like colourful barnacles, and chaos fills the air. The implications of these might seem obvious but they pose greater problems — Information and Cyber Security Risks. […]
ISO/IEC 27001 is an international standard for creating an information security management system (ISMS). It provides a systematic approach for organisations to manage and protect their sensitive information. This standard is broken down into Clauses and Security Controls (Annex A) which every organisation that intends to be ISO 27001 compliant is required to follow. The […]
Imagine a world intricately woven with connections, where information flows like a meandering river of possibilities. This is the world we currently live in. In the past, intelligence primarily revolved around strategic knowledge, used by decision-makers to gain advantages, often centred on foreign capabilities, global events, and local concerns, particularly in the military and security […]
NIS 2 is Changing It’s getting Risky out there… The protection of our networks and systems is of utmost importance, now more than ever. Attackers are increasingly sophisticated and attack with increasing frequency and ferocity. Only a Superhero (in the guise of an EU directive) can help us. Is it a bird? Plane? An A.I. […]