Cyberis Blog


  • Detect and respond
  • News
  • Tools and techniques

Exchange Zero Day - CVE-2022-41040 and CVE-2022-41082

Microsoft Exchange is one of the most popular enterprise email products and runs on Windows Server operating systems. In August 2022, researchers at GTSC discovered a flaw in Exchange that allows attackers to obtain remote code execution on affected systems. Critically, the flaw affects fully patched Exchange Servers, making it a zero-day vulnerability. Microsoft has recently confirmed the vulnerabilities as CVE-2022-41040 and CVE-2022-41082.

  • News

Cyberis sponsors Cyber Scheme

Cyberis is pleased to be a sponsor of Cyber Scheme, a not-for-profit organisation providing examinations and training to develop the next generation of cyber security professionals.

  • News

We're rebranding!

We're excited to announce that we're rebranding Cyberis as of 1 March 2022. We've created a whole new brand identity, including a new logo, a refreshed colour palette and new brand pillars which represent who we are, and what we do for our customers. This was a big decision, and it's been a complex journey for us as a team. So where did we start, and how did we get where we are now?

  • News
  • Red teaming

Cyberis Becomes CBEST Approved

Cyberis has announced that it is now an approved Penetration Testing provider under the Bank of England (BoE)'s CBEST scheme. CBEST is a framework run by the Bank of England through the industry body CREST that delivers controlled, bespoke, intelligence-led cyber security tests to increase the resiliency of financial services organisations against cyber attacks. Regulators such as the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have integrated the CBEST security assessment framework into their supervisory strategies.

  • News
  • Research

Domain Hijacking Via Logic Error - Gandi And Route 53 Vulnerability

On 12 February 2021, Cyberis identified a weakness in the domain transfer processes of Gandi which allowed any Nominet registry domain (including .co.uk and .org.uk domains) registered with Gandi to be transferred out of the owner’s control and into the control of an arbitrary AWS Route 53 account, without any authorisation being provided by the owner of the domain.

  • News
  • Red teaming

Cyberis Achieves CREST STAR-FS Accreditation

Cyberis has become one of the first cyber security companies to receive accreditation for the CREST STAR-FS framework to deliver intelligence-led penetration testing for the financial sector. The Simulated Target Attack and Response (STAR) scheme has been developed by CREST to meet the needs of Regulators to better understand the current cyber security posture of regulated financial services companies and identify where improvements in security arrangements need to be applied.

