Cyber Security News & Current Events

Security Fundamentals - Part 1: Do this before buying the next security product

Posted by Tim on 24/11/16 8:50 AM

A common theme amongst many engagements and discussions are “we are having issues maintaining control over our environment what products can solve this problem for us”. Questions like this are tackling the problem by jumping to a solution without identifying the cause and they can usually be addressed without buying a new security product.

Read More

Topics: Fundamentals

Top 5 Risks a Penetration Test Might Uncover

Posted by Eddie on 5/02/16 1:59 PM

As organisations continue to adopt advancements in information technology and work towards an interconnected world, malicious attackers have not fallen short. The cyber threat landscape has never been more intense, and cyber security has never been more important.

Read More

Topics: Pentesting, Red Teaming, Risk Assessment

What does the eBay hack and Jeremy Clarkson have in common?

Posted by Security Centric on 26/05/15 9:40 AM

The recent compromise and subsequent theft of personal information from eBay has reinforced one aspect of any mature information security approach – adequate application of defence in depth.

Read More

Security Centric joins PCI QSA program, but for different reasons

Posted by Sash on 14/05/15 2:05 PM

QSA organisations and individual assessors usually complete the final phase of a PCI DSS compliance program – that is, a final audit. Whilst Security Centric is a QSA organisation, only a small proportion of engagements are to perform the final compliance audit.

Read More

Complete Heartbleed Protection in Under 36 Hours From Discovery

Posted by Sash on 14/04/14 4:20 PM

Much has been written about the OpenSSL Heartbleed vulnerability, which affects the TLS heartbeat mechanism used by some versions of the OpenSSL library. Numerous open source and commercial products use affected versions of OpenSSL for their implementation of PKI, including enterprise hardware and software products.

Read More

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|

Subscribe:

Recent Posts