Ransomware attacks are on the rise. Whether you’re a small business or a large organisation, you’re at risk, and ransomware prevention is always better than recovering after an attack.
What is the Log4Shell Vulnerability?
Log4j is a logging library written in Java. The vulnerability, CVE-2021-44228, commonly known as Log4Shell, allows a remote actor to send a crafted HTTP packet to internet-exposed servers or other software suites running a Log4j version below 2.15.0.
There are exciting times ahead for the PCI DSS as it aims to shift its position and up its game. Historically the PCI DSS has been criticised for being behind the technology curve, but as its latest iteration (version 4.0) is prepared for release by the Payment Card Industry Security Standards Council, we anticipate changes that will keep the standard in the here and now.
6 PCI DSS v4.0 changes we are anticipating:
It’s impossible to totally eliminate the risk of a cyberattack. No reputable cybersecurity company could give that assurance. For the same reason, you cannot simply pass or fail a TIBER test.
In fact, it would pose a higher risk to state you’d passed as you might take no further action.
Complacency in cybersecurity is risky.
Protecting your organisation from cyberattacks should be continual. And it must be specific to your risk profile and particular operations. As attacks become more sophisticated, so must your testing to keep one step ahead.
By Mike Buckley | Pre-Sales Consultant at Nettitude
Firewalls have been around for many years in various shapes and sizes, from simple Access Control Lists, to full “Next-Gen” threat prevention and sandboxing. They have evolved to (mostly) embrace Cloud strategies and remain an important security tool, protecting important assets and securing workspaces. However, they are usually perceived as a necessary evil.
It is common to encounter applications not working as they should after a firewall has been implemented. By their very nature, firewalls should be preventing a lot more traffic than they permit, and it can be a challenge to configure them correctly to allow this access whilst at the same time not reverting to an overly permissive policy. As a result, organisations can rush through the process, sending applications live with rules in place that are designed as a quick fix, rather than a long-standing solution.
In order to correctly onboard clients to NOC services, Nettitude’s Network Operations experts must examine the integrity of a firewall and its setup to ensure the basics are in place. In this blog post, we’ll take a look at the basics of configuring a firewall policy.
By Fan Zhang | Cybersecurity Business Manager, APAC
When we talk about “ICS (Industrial Control Systems) Cyber Attacks” to organisations, we often mention that the systems are absolutely disconnected (air-gapped) from the IT network and from the Internet, so they can never be compromised. But is this always true?
From the growing number of ICS attack cases, we know that this is not the case. In this blog post, Nettitude aims to define what an ICS cyber-attack is and how organisations can protect themselves against such attacks.
By Vanessa Santos | Security Consultant at Nettitude
JSON Web Tokens (JWTs) are commonly used in many applications to validate the client’s identity. The JWT is provided on successful authentication and is then used in all authenticated interactions with the application.
The validation of the user’s identity is based on the user’s information stored in the JWT, which is signed by the server using JSON Web Signatures. The information exchanged within the JWT can also be encrypted using JSON Web Encryption; however, this is not widely used.
Although JWTs can be used in web applications, there are a number of caveats that come with the choice of implementing JWT authentication tokens that can result in them being hijacked.
In this article we will be discussing these security implementation issues and will uncover ways of preventing an attacker from hijacking JWT tokens.
By Mike Buckley | Presales Consultant at Nettitude
49% of US organisations have suffered a data breach in the past year. With almost half of the nation’s businesses losing critical data, something is surely wrong.
Data is considered one of the most important assets a business can have; it’s essentially the lifeblood of any organisation. Yet two of the biggest concerns businesses have are the privacy and security of their data, and rightly so: once it’s compromised, it can cripple an organisation rapidly. Research from the University of Maryland indicates that hackers are active across the globe every 39 seconds. This means that a single computer unit could be under attack multiple times, every minute of the day. But how would you know if there’s a security breach?
File Integrity Monitoring (FIM) software is one of the solutions to this challenge, yet many businesses are unaware that this tool is available to them. However, in the words of Nicolaus Copernicus: “To know that we know what we know, and to know that we do not know what we do not know, that is true knowledge.”
Seeing as you’ve landed on this blog post, you’ve taken the first step in identifying that your organisation could benefit from FIM. The second step is to find out what FIM is and how exactly it works.
This is where we can help!
The COVID-19 pandemic has shown us that the need for a comprehensive cybersecurity plan is more important than ever. Having a plan in place is important, but making sure that your cybersecurity measures are effective against an ever-changing threat landscape is just as necessary.
Our Head of Threat Intelligence and Advisory Consulting, Anthony Long, recently presented at the InfoSec Webinar on "Cyber Security In A World Under Pressure." In the webinar, we took a look at the impacts of the pandemic and why threat intelligence-led testing is necessary.
By Sam Bohnel | Security Consultant at Nettitude
In May 2017, the ransomware attack named WannaCry targeted computers running outdated and unpatched Microsoft Windows operating systems. The cyber-attack encrypted users’ files, and unsuspecting victims were held to ransom for the return of their data. It was estimated the attack affected roughly 300,000+ computers worldwide.
Among the major victims of WannaCry were the National Health Service hospitals in England and Scotland, with up to 70,000 devices said to be infected by the ransomware cryptoworm. Critical medical devices including MRI scanners, blood storage refrigerators and theatre equipment were affected, resulting in severe disruption to the NHS and an estimated £92 million expense.
WannaCry is just one case study among numerous health organisations becoming victims of cyberattacks. But just why is the health sector such an enticing target for hackers?