Did you know that human error caused 90% of UK data breaches in 2019, according to the ICO? Register for this free webinar and find out how to mitigate this imminent threat with current best practices and training methods for the workplace – whether that is in the office or at home. Plus you’ll get […]
There are many questions around why a Data Protection Officer (DPO) is needed and what their role is in an organisation. In this post, I’ll answer common questions that have been asked by organisations seeking to comply with the GDPR and DPA and from those looking to take on a DPO role. What is the […]
Users of twitter have been scammed by attackers who took control of well-known people such as Jeff Bezos and Elon Musk. Within 30 minutes, the attackers were supposedly able to gain over £80,000. This was shut down quickly, but a lot of damage had been done. There are 2 issues raised here: Security of twitter […]
Many organisations have sought to achieve Cyber Essentials Plus (CE+) certification remotely (as opposed to on-site) due to the Covid-19 Pandemic. As most staff have continued to work from home, this remote assessment option becomes necessary in order to maintain compliance and assure clients/suppliers that baseline security requirements are being met. Simple steps to complete […]
Over 40,000 SAP customers need to update to the latest version to mitigate risk from remote unauthenticated attackers obtaining complete access to their SAP database. Although there is no evidence it has been exploited yet, it is only a matter of time before malicious attackers take advantage of this. Don’t let them exploit you! The […]
“But my phone cannot be hacked!” Phrases like this are far too common and can hold significant consequences. For one, those who believe any device they use is impenetrable are unaware of the threats they face. Historically, these statements have a 100% chance of being wrong and have demonstrated that cyber security is a marathon, […]
This vulnerability gives the CVSS score of 10/10, meaning it could result in unpatched users to be completely compromised. The issue is in the TMUI configuration utility and can be exploited by unauthenticated remote attackers via sending a malicious HTTP request to the vulnerable server. In June, there were over 8000 vulnerable devices that were […]
Two CVE’s (2020-9497 and 2020-9498) have been announced in the Apache Guacamole service. Successful exploitation of these vulnerabilities would allow an attacker to hijack a session on the host device or steal credentials. These vulnerabilities have been highlighted in version 1.1.0 of Guacamole. This version of the software should be updated to the latest version […]
In this new business era of virtual working, I have been asked how to maintain your ISO compliance with staff working from home and while it poses some problems, it’s certainly not difficult. The first thing to remember is that ISO 27001 defines the requirements for the Information Security Management System (ISMS). This ISMS has […]
In our recent webinar, Achieving Cyber Essentials Plus, Nick Roberts and Taras Sachok provided valuable information on the CE+ process to reach certification. The webinar ended with a Q&A session that lent for some insightful questions. In this post, we list the answers to those questions asked by individuals looking to get a head start […]