Cyberis Blog

Reassuringly clear thinking.

  • Cyber Essentials

Cyber Essentials Charity Month 2024

During Charity Awareness Month this year, IASME and participating partners are offering a reduction of £75 to all qualified participants. If assessed through Cyberis, qualified participants will also receive a discount towards Cyber Essentials Plus assessments. This will allow an organisation to gain further insight into their security posture and assess if they are correctly following IASME's pillars of security.

Read more
  • News

CrowdStrike / Windows Outage

There are reports that an update to CrowdStrike Falcon Sensor, relating to a faulty channel file, on Windows machines caused these systems to crash with a BSOD and then enter a boot loop, preventing the systems from operating normally.

Read more
  • Cyber Essentials
  • Penetration testing

The Importance of The Cyber Essentials Scheme

The Cyber Essentials Scheme is a UK-based certification program that aims to help organisations improve their cybersecurity posture and protect themselves from common cyber threats. The scheme covers five core pillars of security: secure configuration, boundary firewalls, access controls, patch management, and malware protection. By implementing these controls, organisations can reduce the risk and impact of cyber attacks, which affect 32% of UK businesses and cost around £736 million in 2021. The scheme also offers benefits such as enhanced market reputation, lower cyber insurance premiums, and compliance with government contracts. The Cyber Essentials Scheme is therefore an essential certification for any organisation operating in the UK, regardless of size or sector.

Read more
  • Penetration testing
  • Tools and techniques

The Overlooked Control: Cache-Control in Mobile App Security

In the realm of mobile application development, attention often gravitates towards high-profile security vulnerabilities like SQL injection, business logic flaws, or weak access controls. However, one crucial aspect that often slips under the radar is the proper implementation of cache-control settings, especially when handling Network API requests. While seemingly innocuous, neglecting cache control can open a Pandora's box of security risks, a fact often overshadowed by more sensational security findings.

Read more
  • Red teaming

"Assumed Compromise" Assessments: A Guide

In red teaming, defining the business objectives of the exercise early is essential to driving the best value realisation from the exercise. Each attack simulation involves a bespoke scoping exercise, and it is during these scoping processes that we discuss different ways of potentially achieving the desirable business objectives and the pros and cons of each.

Read more
  • Penetration testing
  • Red teaming
  • Tools and techniques

Avoiding Microsoft OneNote attachments spreading malware on your network

OneNote is note-taking software, developed by Microsoft and is included in the default Office suite bundle. In recent years, OneNote files have become popular channels for attackers to distribute malware, given their common installation and Microsoft's organisational measures to block macros from running in Excel and Word.

Read more
  • Red teaming

Informed consent: Social engineering and 'assumed compromise'

"Informed consent: Permission granted in full knowledge of the possible consequences" We're familiar with the concept of informed consent; in medicine, we treat it as criminal to perform a medical intervention without valid informed consent being in place. In red teaming, informed consent is just as important.

Read more
  • Penetration testing
  • Tools and techniques

Five-Minute Fix: Frameable Responses (Clickjacking)

A 'Frameable Responses' or 'Clickjacking' vulnerability is reported when a web application allows its contents to be framed by another website. This may be reported because of a lack of a 'Content-Security-Policy' HTTP response header, and/or a lack of an appropriate 'X-Frame-Options' HTTP response header. When a page can be framed by another website, an attacker can load the target site in an iFrame on a website they control and render decoy layers over the victim site that is being framed, to trick a user into sending sensitive information or clicking a button that can cause an unintended action.

Read more

Improve your security

Our experienced team will identify and address your most critical information security concerns.