Please consider updating your browser. Some parts of the website may not function as intended.

“Hate Mail” How a Single Email Can Compromise Zimbra Webmail Servers

Zimbra Webmail

The Zimbra webmail solution is affected by two serious vulnerabilities that could allow an attacker to gain complete access to an organisation’s sent and received emails. Zimbra released patches in June for these vulnerabilities, which a researcher at SonarSource discovered. CVE-2021-35208, the first of these vulnerabilities, is a stored cross-site scripting vulnerability affecting the Document […]

Protecting Your Organisation After a Ransomware Attack

ransomware attack

So, here is the scenario: you’re sitting at your desk working away and suddenly realise an attacker has taken over your screen. The threat actor is now demanding a hefty payment in exchange to release access to the system. You immediately report the incident to the Chief Information Officer and wait nervously to see what […]

Best Antivirus Software. Are You Sure?

Best Antivirus Software

If only it were as simple as the popular ‘XYZ’ Antivirus (AV) software solution is the best antivirus software and outperforms all the rest. But, unfortunately, sometimes marketing can be deceiving. As expected, popularity and quality do not go hand in hand with most AVs. As a result, there has been poor progress in AV […]

A File Manager Plugin in WordPress Contains Multiple Critical Vulnerabilities

file manager plugin in wordpress

Several vulnerabilities have been discovered in the Frontend File manager plugin in WordPress, which allows a remote attacker to inject malicious JavaScript into vulnerable websites. This is a class of vulnerability known as cross-site scripting (XSS). In this scenario, the XSS allows an attacker to: Delete blog pages Create admin user accounts Gain remote code […]

Hiring a Virtual CISO Verses a Full Time CISO Comparison

Virtual CISO

Most of us are aware that there is a huge gap of qualified cyber security talent available to hire. A study by the Center of Cyber Safety and Education identified that there may be close to 100,000 unfilled UK cyber security jobs by 2022. With this staggering statistic, it’s no wonder why many organisations battle […]

Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices

revil ransomware

REvil ransomware producers have ported their malware over to Linux to expand their campaigns. The primary objective appears to be to infect VMware’s ESXi virtual machine management software and Network-attached storage (NAS) devices. Researchers at AT&T’s Alien Labs have identified four samples in the wild. Whilst not unheard of, Linux attacks are rarer than compromises […]

12 Critical Policies for SOC 2 Compliance

Policies for SOC 2 Compliance

If you are considering getting your organisation SOC 2 compliant, this blog should be an eye-opener. Obtaining SOC 2 compliance could be quite a time challenge in terms of preparation, process and finances. Many achievements come with obstacles, but SOC 2 does not have to be difficult if you plan well. It will be well […]

How Long Does it Take to Get SOC 2 Compliance

how to get soc 2 compliance

To get straight to the answer of how long it takes to reach SOC 2 compliance – in general, you can expect 6 months to acquire SOC 1 Type 1 and 12 months for the SOC 2 Type 2 report. However, this will vary per size of the organisation and readiness level. It seems like […]

Why Cyber Essentials is Not Just a Tick Box – Interview with Dr Emma Philpott

As the question ‘why do I need a Cyber Essentials certification?’ continues to arise, Dr Emma Philpott, the Director and CEO of the IASME Consortium Ltd, answers intriguing questions and provides enlightening responses from her point of view in a recent webinar with Risk Crew. Give yourself a moment out of your day & enrich […]

“Kite in a Storm” Web Administrator to Remote Code Execution

Remote Code Execution

Researchers at ZX Security discovered a chain of vulnerabilities that ends with Remote Code Execution in the Accellion Kitework® framework. Kiteworks is a secure file-sharing platform targeted at enterprise audiences that facilitates sharing, syncing, and modifying files between internal and external users on multiple devices. CVE 2021-31585 was discovered in the administrative functionality, specifically the […]

Risk Crew