- Detect and respond
- Tools and techniques
Exchange Zero Day - CVE-2022-41040 and CVE-2022-41082
Microsoft Exchange is one of the most popular enterprise email products and runs on Windows Server operating systems. In August 2022, researchers at GTSC discovered a flaw in Exchange which allows attackers to obtain remote code execution on affected systems. Critically, this vulnerability affects fully patched Exchange Servers which renders this exploit as a zero-day vulnerability. These vulnerabilities have recently been confirmed by Microsoft as CVE-2022-41040 and CVE-2022-41082.
Cyberis sponsors Cyber Scheme
Cyberis is pleased to be a sponsor of Cyber Scheme, a not-for-profit organisation providing examinations and training to develop the next generation of cyber security professionals.
We're excited to announce that we're rebranding Cyberis as of 1 March 2022. We've created a whole new brand identity, including a new logo, a refreshed colour palette and new brand pillars which represent who we are, and what we do for our customers. This was a big decision, and it's been a complex journey for us as a team. So where did we start, and how did we get where we are now?
- Red teaming
Cyberis Becomes CBEST Approved
Cyberis has announced that it is now an approved Penetration Testing provider under the Bank of England (BoE)'s CBEST scheme. CBEST is a framework run by the Bank of England through the industry body CREST that delivers controlled, bespoke, intelligence-led cyber security tests, to increase the resiliency of financial services organisations against cyber attacks. Regulators such as the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA), have integrated the CBEST security assessment framework into their supervisory strategies.
Domain Hijacking Via Logic Error - Gandi And Route 53 Vulnerability
On 12 February 2021, Cyberis identified a weakness in the domain transfer processes of Gandi which allowed any Nominet registry domain (including .co.uk and org.uk domains) registered with Gandi to be transferred out of the owner’s control and into the control of an arbitrary AWS Route 53 account, without any authorisation being provided by the owner of the domain.
- Red teaming
Cyberis Achieves CREST STAR-FS Accreditation
Cyberis has become one of the first cyber security companies to receive accreditation for the CREST STAR-FS framework to deliver intelligence-led penetration testing for the financial sector. The Simulated Target Attack and Response (STAR) scheme has been developed by CREST to meet the needs of Regulators to better understand the current cyber security posture of regulated financial services companies and identify where improvements in security arrangements need to be applied.