From the Blog

Continual Cyber Assurance
Peter

Chewbacca Malware

Security researchers have discovered that a piece of malware named after the Star Wars character Chewbacca has been used to steal payment card and personal information 49,000 payment cards stored by 45 retailers in 11 countries.

Read More »
News
Peter

2017 Password Fails

Throughout 2017 I kept a note of all the passwords encountered across 71 onsite penetration tests I was engaged on or peer-reviewed.  From all the passwords, two were extremely memorable:

Read More »
News
Peter

Unprecedented breach at Tesco Bank

On Sunday, Tesco Bank confirmed that 9000 customers had had funds removed from their accounts, in an attack which the banking regulator has described as “unprecedented in the UK”.

Read More »

Web Application Potentially Vulnerable to Clickjacking

A very common issue seen in vulnerability scan reports and to an extent, on Penetration Tests. The risk posed by clickjacking varies by who you talk to. For example, Hacker1 say it isn’t important at all and can be ignored. We believe that as a vulnerability, it is simple stupid to ignore it. Especially as

Read More »
Continual Cyber Assurance
Peter

Patching Humans

In 2009, back when I was the Chief Information Security Officer for Gala Coral Group, I wrote that one of the hot topics for many Chief Information Security Officers was reducing the potential for Data Loss.

Read More »
Data Protection
Peter

Protect your business

We are living in interesting times as far as information security is concerned. Does it not seem that every few months a large multinational or well established British brand/individual appear to have been the victims of hackers?

Read More »
Penetration Testing
Peter

5 Things You Should Know about PCI DSS Penetration Testing

The Payment Card Industry Data Security Standard, commonly shortened to PCI-DSS, was introduced to provide a minimum degree of security when it comes to handling customer card information. While the standard has been around for over a decade, specific requirements surrounding the penetration testing have only recently been officially incorporated into the process.

Read More »

Fixing SSL Medium Strength Cipher Suites Supported

Nessus Summary Nessus Plugin ID: 42873 CVSS v3.0 Base Score: 5.3 Nessus Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Read More »

Fixing SSL Null Cipher Suites Supported

Nessus Summary Nessus Plugin ID: 66848 CVSS v3.0 Base Score: 5.3 Nessus Description: The remote host supports the use of SSL ciphers that offer no encryption at all. Note: This is considerably easier to exploit if the attacker is on the same physical network. How to Fix Null cipher suites is where a zero level

Read More »

Fixing Weak Cipher Suites

Nessus Summary Nessus ID: 26928 CVSS v3.0 Base Score: 5.3 Nessus Description: The remote host supports the use of SSL ciphers that offer weak encryption.Note: This is considerably easier to exploit if the attacker is on the same physical network. How to Fix This vulnerability is cased by a weak strength cipher being present in

Read More »

Fixing SSL RC4 Cipher Suites Supported (Bar Mitzvah)

Nessus Summary Nessus ID: 65821 CVSS v3.0 Base Score: 2.6 Nessus Description: The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its

Read More »
Scroll to Top