LRQA Nettitude Blog

Should you choose a local or global TIBER test provider?

Posted by Anthony Long on Oct 1, 2021

Finding the right TIBER test provider for your organisation is crucial. You’ll want a secure test, but there’s huge value in knowing how to act on the results to protect your operations. An obvious question exists: should you opt for a local provider in your country or choose a larger, global tester?

We consider both options to help you make an informed choice.

Topics: Financial Services, TIBER

What is a Bug Bounty?

Posted by Chris Oakley on Sep 14, 2021

Cybersecurity testing is more crucial than ever. Whilst you’re probably familiar with our penetration testing services, you might not know about our bug bounty platform. And yet, it’s incredibly valuable for maximising your security.

Topics: Penetration Testing, Bug Bounty

Process Hiving - Red Teaming Whitepaper

Posted by Rob Bone and Ben Turner on Sep 2, 2021

Our red team has created a new technique, and accompanying tool, that allows a red team operator to avoid many of the usual indicators that can trigger detection alerts when using existing tools. Avoiding detection is a high priority for a red team operator because detection usually signals the imminent end of the compromise, as the network defenders start to contain and eradicate the threat.

Topics: Red Teaming, Process Hiving

Why you never pass or fail a TIBER test

Posted by Nettitude on Aug 26, 2021

It’s impossible to totally eliminate the risk of a cyberattack. No reputable cybersecurity company could give that assurance. For the same reason, you cannot simply pass or fail a TIBER test.

In fact, it would pose a higher risk to state you’d passed, as you might take no further action.

Complacency in cybersecurity is risky.

Protecting your organisation from cyberattacks should be continual. And it must be specific to your risk profile and particular operations. As attacks become more sophisticated, so must your testing to keep one step ahead.

Topics: Financial Services, TIBER

How JWT Hijacking Can Be Prevented | LRQA Nettitude

Posted by Nettitude on Apr 16, 2021

By Vanessa Santos | Security Consultant at LRQA Nettitude

JSON Web Tokens (JWTs) are commonly used in many applications to validate the client’s identity. On successful authentication the application issues a JWT, which is then used in all authenticated interactions with the application.

Validation of the user’s identity is based on the user information stored in the JWT, which is signed by the server using JSON Web Signature (JWS). The information exchanged within the JWT can also be encrypted using JSON Web Encryption (JWE); however, this is not widely used.

Although JWTs can be used in web applications, there are a number of caveats that come with implementing JWT authentication tokens, and these can result in tokens being hijacked.

In this article we will be discussing these security implementation issues and will uncover ways of preventing an attacker from hijacking JWT tokens.

Topics: Cyber Security, Nettitude, Security Blog, JSON Web Token

How Endpoint Detection and Response can improve healthcare cybersecurity | Nettitude

Posted by Nettitude on Mar 15, 2021

By Jenny Wu | Senior Incident Response Consultant at Nettitude

The move to the cloud and remote working models has changed the way networks are connected. Today, the focus of security is shifting to protecting assets rather than the traditional perimeter. Traditional anti-virus is no longer able to keep up with newer attacks and vulnerabilities, allowing compromises to occur more frequently, especially in the healthcare industry, which is frequently targeted. Healthcare organisations therefore need additional protection in the form of Endpoint Detection and Response (EDR) tooling.

Topics: Cyber Security, Nettitude, Security Blog, Financial Services, Financial Security

Introducing our Bug Bounty Programme | LRQA Nettitude

Posted by Nettitude on Mar 12, 2021

By Nettitude

Today, we’re excited to announce the launch of our Nettitude Bug Bounty programme.

Over the past few months, we’ve been running a Bug Bounty trial with a number of our clients, which we’re pleased to say has been successful. Now, we’re ready to open our Bug Bounty service up to the world.

Topics: Cyber Security, Nettitude, Security Blog

Nettitude Choose to Challenge | International Women’s Day 2021

Posted by Nettitude on Mar 8, 2021

By Nettitude

Today, just 19% of the technology sector is represented by females. While it’s true that the industry still has a long way to go in achieving true gender equality, we are slowly and surely beginning to see change.

Nettitude can attest to this. As an organisation within the technology sector, Nettitude is proud to be one of the few organisations within our industry to be led by a female CEO. Under the direction of Karen Bolton, our values and vision for the future are bright when it comes to women making an impact, and each Nettitude colleague is viewed as an important and impactful individual, regardless of their gender.

Topics: Cyber Security, Nettitude, Security Blog

Healthcare Cyber Threats in IoT Devices | Nettitude

Posted by Nettitude on Feb 25, 2021

By Matt Tryphona | Security Analyst at Nettitude

The healthcare industry remains highly targeted by hackers due to the great deal of personal data that is used and handled on a day-to-day basis. One of the biggest cyber risks within healthcare is IoT devices, as they can be used as a gateway for capturing sensitive data if not secured correctly.

When we think of an IoT device, we may think about smart-home devices, such as a smart plug or smart bulb controlled from an app on our phone. We may even think of a ‘smart’ assistant controlled by our voice, which can do much more than just tell us the weather. These ‘smart’ assistants can act as an IoT hub that controls our devices to provide a seamless futuristic experience.

It’s one thing for the security of devices in the home to be breached, but within a healthcare environment, this can have a detrimental knock-on effect across the board in light of an increasing variety and severity of healthcare cyber threats. Below we’ll take a look at what IoT is, how it’s used within the healthcare industry, and how a security breach could impact the industry.

Topics: Cyber Security, Nettitude, Security Blog, Security Testing, Cyber Security Blog, SEO Series

Protecting Against Encrypted Cyber Threats | Nettitude

Posted by Nettitude on Feb 19, 2021

By Greg March | SOC Platform and Security Analyst at Nettitude

Technology is at the forefront of innovation with new hardware, software and AI breakthrough announcements on a daily basis. From the creation of the first computer (ENIAC developed in 1946) to the rise of IoT smart fridges, data remains the key to the interconnected world around us.

Over recent years, the rise in cyber-criminal activity has highlighted the pressures and importance of developing secure technology, whether that is for data in transit or at rest. Transport encryption technologies such as SSL (Secure Sockets Layer)/TLS (Transport Layer Security) and HTTPS (Hypertext Transfer Protocol Secure) are exactly that: they provide a secure method of transporting encrypted data from one machine to another, preventing unauthorized actors from stealing private information.

Although encryption was first developed with security and privacy in mind, hackers and cyber criminals of even low sophistication levels have incorporated the advantages of encryption in their attack techniques.

Topics: Cyber Security, Nettitude, Security Blog, Cyber Security Blog, SEO Series

About LRQA Nettitude

Through our connected portfolio of advanced cybersecurity solutions, LRQA Nettitude helps companies to identify and manage the vulnerabilities and threats that pose a risk to their business, building cybersecurity resilience and underpinning your business strategy with proactive measures.
