Information Security

Securing your VPN and RDP sessions against attackers

Mandiant have recently published their 2015 M-Trends report which highlights the new attack trends they have identified through their role as security incident first responders over the last year.  It is an interesting and informative report which is worth a read, and can be found here (registration is required, I’m afraid!).  A couple of key points from the report caught my attention, most notably how attackers are exploiting remote access facilities such as VPNs. […]

Why cyber insurance should be your last line of defence

Data breaches are proliferating, and the associated costs are exploding. According to the Ponemon Institutes’s “2014 Cost of Data Breach Study: United Kingdom” study, the average cost of a data breach has reached in the UK increased from £2.04 to £2.21 million.

Businesses’ general liability policies don’t cover those costly data breaches, which points to cyber insurance being a wise choice.  In fact, AON PLC, the world’s largest reinsurance broker, claimed in October 2014 that the cyber insurance market was at the time growing at 38% annually.

However, as a case in the US a bit earlier this year has shown, cyber insurance should not be relied upon as your first line of cyber defence.  […]

NIST releases new ICS security guidance

The National Institute of Standards and Technology (NIST) has released an updated version of its “Guide to Industrial Control Systems (ICS) Security.”   The 247-page document provides ICS operators guidance on securing supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC). […]

Information Security

Cyber Essentials with CS Risk Management

CS Risk Management have recently obtained the accreditation to provide the full suite of Cyber Essentials certification body services.  Over and above Cyber Essentials Plus certification, this also now includes verification of Basic Cyber Essentials self-assessment submissions and issuing of Basic Cyber Essentials certificates to those customers who meet the requirements set out in the scheme. […]

UK Government chooses not to renew XP support

UK newspaper, The Guardian, reports that the UK government is not going to renew support for their aging and now unsupported Windows XP desktop infrastructure. Microsoft withdrew its extended support programme for Windows XP, its 14-year-old operating system, in April 2014. Given the number of Windows XP PCs still being used in government and businesses Read more about UK Government chooses not to renew XP support[…]

Microsoft to support SSH in Windows #InfoSec # Crypto

Microsoft finally is planning to support SSH in Windows and the company’s engineers also will contribute to the OpenSSH project. While SSH has been a popular tool for remote login and command execution on many Unix and linux systems for years, Windows has not supported SSH by default, for a variety of reasons. Microsoft has Read more about Microsoft to support SSH in Windows #InfoSec # Crypto[…]

Information Security

IC3 Issues Internet Crime Report for 2014

Original release date: May 22, 2015 The Internet Crime Complaint Center (IC3) has released its Internet Crime Report for 2014, indicating that scams relating to social media — including doxing, click-jacking, and pharming — have increased substantially over the past five years. US-CERT encourages users to review the IC3 Alert for details and refer to Read more about IC3 Issues Internet Crime Report for 2014[…]

Information Security

Google Releases Security Update for Chrome

Original release date: May 19, 2015 Google has released Chrome version 43.0.2357.65 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary Read more about Google Releases Security Update for Chrome[…]