Cyberis Blog

Reassuringly clear thinking.

  • Cloud risk management
  • Remote working

Future Work Expectations

Some industries have already migrated to a cloud-centric view of daily operations, and this provides freedom for both the employer and the employees. Companies can now tap into global markets, as geography no longer serves as a barrier, and, as mentioned in previous articles, Zero Trust models continue to define how these remote identities are connected into the environment.

Read more
  • Cloud risk management
  • Remote working

Cloud-Centric Models

Cloud environment management and setup can be very different from traditional internal/external infrastructure deployment, so careful planning and design consideration is key to building scalable, resilient, secure cloud environments.

Read more
  • Cloud risk management

Identifying errors in cloud configurations that could lead to data breaches

Migrating from an on-premises paradigm to a cloud-based paradigm can be confusing and fraught with unconsidered risks. When you adopt cloud-based solutions – be they Platform as a Service, Software as a Service or Infrastructure as a Service – you will inevitably outsource much of the management and administration of the service to a cloud provider. Responsibilities that you previously held yourselves may now be the province of the cloud service provider. In this environment, you need to understand which responsibilities remain yours and which you have delegated externally.

Read more
  • Research

Let's Talk Quantum Cryptography Pt 2

When testing these types of systems, vulnerabilities can be broken down into two broad classes:

  • Inherent flaws – these occur when an assumption made during the creation of a protocol doesn't hold true; a new mathematical technique, for example, may break the security of the protocol. An example of a protocol with inherent flaws would be SSLv3.
  • Implementation flaws – these occur because physical systems aren't perfect, nor is our adaptation of theoretical principles to physical media. Where these imperfections exist, so does the potential for exploitation.

Today we'll be looking at some implementation flaws, but to begin let's have a think about the set-up Alice and Bob will need to carry out the steps of the BB84 protocol.

Read more
  • Attack surface discovery
  • Red teaming

Shadow IT and Technical Debt: The Adversary's Allies

Shadow IT increases your business's security risks and is invisible to you. It might not be covered on your asset lists, because your asset management lists are incomplete. It might have no assigned owner, either because it doesn't fit neatly into any business unit, or because it isn't related to any current operational priority but hasn't been fully decommissioned yet. It might have been installed outside of the usual processes, either without authorisation or because the usual processes were overridden.

Read more
  • Penetration testing

Common TLS/SSL Issues And What They Mean

Whilst it may be tempting to support older protocol versions, such as TLS 1.0 or even SSLv3, to maximise compatibility with legacy systems, this does not come without serious security compromises. Older protocol implementations can have inherent weaknesses that undermine the security they offer. They can lack support for the modern encryption algorithms used in more secure cipher suites, and may be missing features implemented in later versions specifically designed to mitigate the shortcomings of the older protocol.

Read more
  • News
  • Red teaming

Cyberis Becomes CBEST Approved

Cyberis has announced that it is now an approved Penetration Testing provider under the Bank of England's (BoE) CBEST scheme. CBEST is a framework run by the Bank of England through the industry body CREST that delivers controlled, bespoke, intelligence-led cyber security tests to increase the resilience of financial services organisations against cyber attacks. Regulators such as the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) have integrated the CBEST security assessment framework into their supervisory strategies.

Read more
  • News
  • Research

Domain Hijacking Via Logic Error - Gandi And Route 53 Vulnerability

On 12 February 2021, Cyberis identified a weakness in the domain transfer processes of Gandi which allowed any Nominet registry domain (including .co.uk and org.uk domains) registered with Gandi to be transferred out of the owner's control and into the control of an arbitrary AWS Route 53 account, without any authorisation being provided by the owner of the domain.

Read more