Zero-Day Exploit in Internet Shortcuts: What You Need to Know about CVE-2024-38112

The APT group known as Void Banshee has been conducting spear phishing campaigns at a near global level for several months. The group has been making use of a zero-day exploit found in the rendering engine for Internet Explorer, known as Trident. The final payload for the attack is the Atlantida Stealer malware. This malware […]

The Risks of Excessive Admin Privileges

In any business, especially SMEs, admin privileges are crucial for managing IT systems. However, when too many people have these privileges or they’re not managed well, it can spell trouble. Let’s examine the potential consequences of excessive admin privileges and ways to mitigate the impact of compromised admin accounts. […]

Essential Eight and Non-Windows Devices

Cybersecurity isn’t just a Windows-world concern; it’s a universal necessity. Originally tailored for Windows environments, the Essential Eight framework is a set of strategies designed to harden systems against attacks. But what about Mac, Linux, or other operating systems that also face significant security threats? Join us as we explore how the universally relevant […]

Critical SSH Vulnerability (CVE-2024-3094): A Sophisticated Supply Chain Attack

On March 29th, 2024, a shocking revelation by Microsoft software engineer Andres Freund exposed a years-long plot within the open-source community. A malicious actor had successfully planted a backdoor into SSH, earning this vulnerability a critical CVSS score of 10. The backdoor could allow attackers to bypass authentication and execute code remotely on infected systems. […]

Insure Your Security: Protect Against Cyber Risks

The Cost of Non-Compliance: How Cybersecurity Practices Impact Insurance In today’s hyper-connected digital world, the importance of cybersecurity cannot be overstated. With cyber threats evolving at an unprecedented pace, organisations across all industries and sectors are increasingly vulnerable to attacks that can disrupt operations, compromise sensitive data, and inflict significant financial losses. In response, many […]

The Necessity for Suppliers to Adopt the Essential Eight

Suppliers are an integral part of an organisation’s operations and often have access to sensitive information or critical infrastructure. Here are detailed reasons why it’s essential for suppliers to implement the Essential Eight framework: Supply Chain Security: The security of an organisation is only as strong as its weakest link. Suppliers with inadequate cybersecurity measures […]

Older Applications and the MFA Gap

Older applications, built with outdated technology frameworks, are relics of a past time when cybersecurity factors were very different from today or even not present at all. These applications from the past were forged in an age when security was but an afterthought, their foundations laid without the foresight […]

The Essential Eight: A Comprehensive Framework for Cybersecurity Excellence

In an era marked by ever increasing and more frequent cyber threats, the Essential Eight framework gives clarity and efficacy, offering organisations a carefully crafted set of strategies that prioritise simplicity, standardisation, ease of use, familiarity, and the crucial balance between protection and business continuity. The […]

WHAT is VOLT TYPHOON?

The more correct question is WHO is Volt Typhoon? Volt Typhoon is a state-supported Chinese cyber operation. As detailed in an advisory released 8 Feb 2024, the ACSC reported that Volt Typhoon has compromised thousands of internet-connected devices as part of a larger effort to infiltrate western critical infrastructure, including naval […]