Our Cyber Security Blog
Welcome to our Cyber Security Insights. Some might call it a blog.
-
Hardening SSH on Linux
Posted: 2022-05-21 by Peter Bassill
-
Cost of a Virtual CISO in 2022
Posted: 2022-04-28 by Peter Bassill
Every company starts its cybersecurity journey somewhere, and some can jump right in and hire a full-time CISO. For many, this is not the right choice.
-
Pipedream ICS Malware
Posted: 2022-04-25 by Peter Bassill
Pipedream is an ICS-targeted malware framework affecting Schneider Electric and Omron ICS systems. Referred to as Pipedream and Incontroller, the malware is targeting industrial control systems (ICS). We took a look at the malware.
-
Simulated Cyber Attack or Penetration Testing
Posted: 2022-04-18 by Peter Bassill
Penetration Testing or Simulated Cyber Attack. One of them will be the right solution for your business or organisation, and both will help in achieving essential cyber security improvements and objectives.
-
Top 5 Penetration Testing Methodologies and Standards
Posted: 2022-04-15 by Peter Bassill
Penetration testing can deliver widely different results depending on which standards and methodologies it leverages. New and updated penetration testing standards provide an excellent, structured guide and methodology for companies and individua
-
How Big a Problem is Maritime Cyber Security
Posted: 2022-03-31 by Peter Bassill
Maritime cyber security is a problem that, despite getting increasing attention, is still a significant cause for concern. The size of the cyber security problem was recently highlighted, which accentuated the costs and potential impacts on re
-
What is Penetration Testing
Posted: 2022-03-27 by Peter Bassill
Penetration testing is the art/science mix of identifying weakness, misconfiguration and vulnerabilities in People, Process and Technology. Also known as ethical hacking, penetration testing has many other shortenings. These include pen test
-
What does Russia's invasion mean for Cyber Security
Posted: 2022-02-24 by Peter Bassill
What does Russia's invasion mean for Cyber Security? In the shadows of the internet, we have been monitoring Russia’s formidable cyberwarfare force in their preparations to unleash a new wave of cyber-attacks on Ukrainian targets.
-
Remote Code Execution on Unifi devices
Posted: 2022-01-29 by Peter Bassill
A new exploit against Unifi network devices, of which there is a large number within Gibraltar, was observed on the 20th of January of this year.
-
Cyber guidelines for organisations over Ukraine situation
Posted: 2022-01-27 by Peter Bassill
The UK's National Cyber Security Centre has published urgent guidance to organisations in light of the activities undertaken by the Russian military's Cyber Warfare teams.
-
How to achieve Cyber Essentials certification
Posted: 2021-12-31 by Peter Bassill
How to achieve Cyber Essentials certification in 2022, without getting a headache.
-
How to prevent ransomware in your world
Posted: 2021-07-07 by Peter Bassill
The current Ransomware situation is growing at an alarming rate, and yet there are some things that businesses and families can do to protect themselves. In this I am going to go through the steps that we at Hedgehog have implemented, so you can
-
Cyber Security News for June 2021
Posted: 2021-06-02 by Peter Bassill
Well, that is the first half of 2021 almost over. We are into summer and it has been a somewhat rough 18 months for everyone. Things are starting to settle down and businesses are now well versed in their new normal of remote working mixed with a small num
-
TOR the onion router and why I use it daily
Posted: 2021-06-01 by Peter Bassill
Peter, our CEO, talks about why he uses Tor in his day to day lif
-
Configuring Kali Linux for Cyber Essentials Plus
Posted: 2021-05-21 by Peter Bassill
IASME asked us to write up our Kali Linux build after a lot of firms were having issues getting their Kali builds through the Cyber Essentials Plus standard. So here I have documented how to build and configure our base Kali Linux machines.
-
Ecclesiastical issues cybercrime warning
Posted: 2021-03-13 by Peter Bassill
Sat enjoying my early morning cup of coffee, as is my wont most mornings, when I got an article alert through LinkedIn that piqued my interest.
-
Cheap Penetration Testing Explained
Posted: 2021-02-25 by Peter Bassill
With penetration testing, you are purchasing the skill of a professional tester, not a toolset or a license code. So I thought it might be useful to explore what happens when you want to pay less for a test.
-
3 Reasons to talk to us about a Penetration Test
Posted: 2021-01-29 by Peter Bassill
3 reasons why you should talk about penetration testing, without any Fear, Uncertainty or Doubt.
-
Gaming Security sees another Casino Flatlines
Posted: 2021-01-26 by Peter Bassill
Cache Creek Casino Resort, in northern California, has been offline since late September due to what it calls a systems infrastructure failure. Their computer systems were the target of an outside attack and that the incident is under investigat
-
A New Year and a New NSA - NSA Helping Microsoft
Posted: 2021-01-26 by Peter Bassill
Technology has been progressing faster and faster over the years. What was a critical vulnerability in 2005 is now a redundant memory in the security industry keeping a “gentle” reminder of how important security is in the cyber
-
Pwning a Domain Joined PC in under a minute
Posted: 2021-01-26 by Peter Bassill
Peter demonstrates how to gain access to a domain joined PC and then spawn a reverse shell back to our command and control system.
-
Peter talks to FindMyUkCasino about cyber security
Posted: 2021-01-26 by Peter Bassill
Over the years there have been a lot of casinos operating online that have been hacked, but it is the smaller operators that tend to be the ones hit hardest.
-
Protect Against Cyberattacks: Essential Penetration Testing Steps
Posted: 2021-01-26 by Peter Bassill
When cybercriminals are successful in their attacks, not only is money and time lost, but also your data security. Your clients trust you to keep their data safe, and if there is a security breach, all that hard-earned trust can be gone in a
-
Fixing SSL Null Cipher Suites Supported
Posted: 2021-01-26 by Peter Bassill
Null cipher suites are where a zero level of encryption is acceptable. This is totally unacceptable in any environment and should be fixed as soon as possible.
-
Becoming a Penetration Tester
Posted: 2020-10-27 by Peter Bassill
We get a lot of people who are looking to understand what it takes to become a penetration tester. We asked our CEO to provide some answers.
-
Adjusting your and your users' security behaviour
Posted: 2020-10-26 by Peter Bassill
October is National Cyber Security Awareness Month, and in this series of blogs we will be providing simple tips and tricks to help you and your staff remain ever vigilant against the threats that criminals pose to our digital lives.
-
Installing Metasploit on Ubuntu
Posted: 2020-10-06 by Peter Bassill
Let's get down and dirty installing Metasploit. One of the most common complaints I receive from my students is that they cannot get Metasploit to install so revert to Windows. If you have been following along in my Pentest Workstation series you will have
-
How we build our penetration testing servers
Posted: 2020-10-05 by Peter Bassill
In this 5 part series, I will be running through how to go about building a pentest server. This is one of the modules I cover with students and interns and I often find myself surprised at how uneasy people feel when they have no GUI.
-
The SQL Issue Gibraltar Government
Posted: 2020-10-01 by Peter Bassill
The great Gibraltar government has been struck by a cyber attack with the end result of being capable of editing overseas territory laws on their website.
-
What are the Current Cyber Security Trends
Posted: 2020-08-26 by Peter Bassill
What are the Current Cyber Security Trends? By 2021, damages from cyber crime will cost the world a staggering $6 trillion per year. Shocking.
-
6 Cybersecurity Mistakes to Avoid for Law Firms
Posted: 2020-08-12 by Peter Bassill
Cybersecurity mistakes happen. Hackers attack roughly every 39 seconds, or thousands of times per day. Everyone is at risk.
-
The Biggest Cybersecurity Threats Facing Businesses Today
Posted: 2020-07-20 by Peter Bassill
In the last year, cyber security analysis has shown that almost half of all British businesses suffered a cyberattack. Cybersecurity is of vital importance for all businesses today, especially those that deal with confidential customer informati
-
Cybersecurity Best Practices: 7 Things to Teach Your Employees
Posted: 2020-07-06 by Peter Bassill
Cybersecurity best practices keep you and your business safe. According to recent statistics, one small business in the UK is hacked every 19 seconds. The average cost of a data breach for British companies is an astronomical $3.88 million. Coul
-
WiFi Hacking - 10 Tips to Protect Your Business
Posted: 2020-06-11 by Peter Bassill
Wifi hacking is prevalent. With the rapid adoption of remote working, more users are connecting to wifi hotspots than ever before. Businesses operate online more than ever in 2020, with it being a necessity for many to properly trade within their sector. But
-
How to Know if Your Business Has Been Hacked
Posted: 2020-05-28 by Peter Bassill
How to Know if Your Business Has Been Hacked? The internet’s one almighty boon for business, but also for criminals.
-
Why Choosing the Right Penetration Testing Methodology is Crucial
Posted: 2020-04-30 by Peter Bassill
Penetration testing is an emerging data protection method. It requires a proper penetration testing methodology.
-
What Is Vulnerability Management and Scanning
Posted: 2020-04-29 by Peter Bassill
Another small business in the UK gets hacked every 16 seconds. There are 65,000 attempts to hack small to medium businesses per day.
-
A review of the SB Tech Breach by our researcher Peter Bassill
Posted: 2020-04-16 by Peter Bassill
Last week saw SB Tech breached by the hacking group Maze. It seems that every week the group are announcing more victims. GameOn asked our CEO, Peter Bassill, to give us some insight into the attack. The GameOn article is here.
-
Regular Cyber Security Testing is Essential for Business
Posted: 2020-04-16 by Peter Bassill
Cybersecurity is the use of technologies, controls, and processes to protect data, devices, networks, programs, and systems from cyber-attacks. These attacks against businesses are on the rise. Yet it seems not many companies are doing enough t
-
How to use a VPN for better cyber security
Posted: 2020-04-10 by Peter Bassill
In our "How to securely" series we asked our followers what tools they would like a simple guide on to help them stay secure online. There seemed to be a lot of confusion as to what a VPN is and why you should or should not use one. So we asked Peter to he
-
An update on the Morrisons supermarket breach
Posted: 2020-04-07 by Peter Bassill
The UK's highest court ruled that Morrisons cannot be liable for a criminal act of a person seeking to harm their business. On April 1st, 2020, a panel of five justices unanimously ruled that Morrisons was not "vicariously liable".
-
Remote Working Considerations and How to stay safe from home
Posted: 2020-04-04 by Peter Bassill
With the current pandemic situation, we all need to be taking remote working considerations into account. While adjusting the work paradigm, it is vital to keep a mind's eye on the security and safety of the business's information assets
-
Dell EMC iDRAC memory corruption Vulnerability
Posted: 2020-04-01 by Peter Bassill
A critical vulnerability has been identified in Dell EMC iDRAC7, iDRAC8 and iDRAC9. Some unknown processing is affected by this issue. Manipulation with an unknown input can lead to stack based memory corruption.
-
Hiscox Sues for Failing to Disclose Data Breach
Posted: 2020-03-31 by Peter Bassill
On March 27th, Hiscox Insurance Company Inc. filed a complaint against law firm Warden Grier for concealing a data breach that occurred back in 2016.
-
Sometimes plan-b fails and what to do when it does fail
Posted: 2020-03-31 by Peter Bassill
Life has a habit of throwing curve balls at us. Unexpected events that change our daily lives. Businesses try to reduce the impact of these events and put in place contingency budgets, insurance and emergency planning documents. But what happens when those
-
General Electric and their little security breach
Posted: 2020-03-26 by Peter Bassill
In a surprising announcement Fortune 500 technology giant General Electric (GE), an organisation that should have this all sewn up, disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in
-
Cisco's recent update fixes high-severity flaws
Posted: 2020-03-25 by Peter Bassill
Cisco has recently uncovered hidden flaws which if exploited could lead to privileged code execution. These flaws are found within Cisco's SD-WAN devices which include their vBond and vSmart controllers.
-
Nutribullet hack and why it is not what you think
Posted: 2020-03-20 by Peter Bassill
NutriBullet has become the latest Magecart victim with skimmer code planted within their domain in order to steal customer financial data. RiskIQ published their research on Wednesday of this week, and it makes very good reading.
-
Exploiting Smart TV Default Browser
Posted: 2020-03-02 by Peter Bassill
I was engaged in a penetration test for a client who had put significant energy into ensuring that their environment was solid and free from attack vectors. Over three days of passive and active surveillance of the client's environment, the most
-
Privilege escalation on Nginx Controller 3.1.x
Posted: 2020-02-30 by Peter Bassill
A critical vulnerability has been identified in Nginx Controller up to 3.1.x (web server), affecting an unknown code block of the component Controller API.
-
Ukrainian Malware Spreading Exposed on Dark Web
Posted: 2020-02-17 by Peter Bassill
Malware known as ‘Blackout’ was found in Ukraine in 2015 affecting power plants and in turn causing blackouts. This specific malware targets SSH keys to gain access to the victim’s machine unnoticed.
-
Intel Vulnerability Enables Multiple Issues
Posted: 2020-02-17 by Peter Bassill
Intel is warning users of a high severity flaw found within the firmware of its Converged Security and Management Engine (CSME) which is used to power Intel's Active Management System hardware for the purpose of remote out-of-band management to consumers.
-
Android Bluetooth Critical RCE Flaw
Posted: 2020-02-13 by Peter Bassill
A recent vulnerability was found by researchers from a German security firm. Fixes are available via the Android February 2020 Security Bulletin. The bug is identified as CVE-2020-002; when exploited, it can result in remote-code-execution without any user int
-
Dell's SupportAssist application gets leveraged by hackers
Posted: 2020-02-12 by Peter Bassill
A recent vulnerability found in Dell's SupportAssist software can, if exploited correctly, lead to code execution for unprivileged users. This is known as an uncontrolled search path vulnerability (CVE-2020-5316).
-
WhatsApp WhatsPatch WhatsCrack WhatsApp Critical Flaw
Posted: 2020-02-07 by Peter Bassill
A security researcher by the name of Gal Weizman from PerimeterX found multiple flaws within WhatsApp that could potentially lead to remote-code-execution (RCE). The flaws enabled vulnerabilities such as Open-Redirect, Persistent-XSS, CSP-Bypass and read p
-
Google exposes people's personal photos on the internet
Posted: 2020-02-05 by Peter Bassill
It has recently been reported that not long ago, last Thanksgiving, Google had a bug which caused personal photos to be shared to complete strangers. 'The Chocolate Factory' made note of this issue and began notifying users that there is a bug in Google Ph
-
Mistakes were made and now Intel has a privilege escalation
Posted: 2020-01-16 by Peter Bassill
Intel is a very large corporation most known for their processors. A recent flaw within Intel's VTune Profiler software could enable anyone to upgrade their privileges if exploited correctly.
-
Twitter Bug Causing Accounts to be Hijacked
Posted: 2020-01-08 by Peter Bassill
There has been a recent security issue at the end of 2019 within Twitter that enabled malicious users to attack Twitter Android app users to potentially gain sensitive information like Direct Messages, Protected Tweets, etc.
-
Apple Fixes AirDos Bug! Update now!
Posted: 2020-01-07 by Peter Bassill
AirDrop, Apple's file-dropping/file-swapping feature, was found with a vulnerability which basically rendered the victim's iPads & iPhones unusable.
-
CISO [r]evolution - it is coming and it is important
Posted: 2020-0-18 by Peter Bassill
The CISO Evolution/Revolution. There has been a lot of change for the CISO over the last few months. It is no secret that the last six months have brought about a revolution in business change and transformation.
-
WhatsApp WhatsPatch WhatsCrack - WhatsApp Critical Flaw
Posted: 2019-12-30 by Peter Bassill
Juice Jacking is an attack-type that involves plugging your phone into public sockets for “charging purposes”. The truth behind these sockets is the installation of malware on your phones and other electronic devices of unsuspecting users.
-
We exploit Pulse Secure Connect SSL VPN
Posted: 2019-09-11 by Peter Bassill
There have recently been a number of security vulnerabilities published in the Pulse Secure Connect SSL-VPN appliance.
-
Microsoft Windows SMB Shares Unprivileged Access
Posted: 2019-07-29 by Peter Bassill
This vulnerability will allow an attacker on a connected network to view any of the files contained within the file share. In some circumstances, it may be possible to add new files and modify existing files within the file share.
-
Dangers of buying a laptop online
Posted: 2019-07-18 by Peter Bassill
Having worked for both Blue Teams and Red Teams, I am automatically paranoid that everything is a potential threat. But I never expected malware on a new laptop.
-
Sometimes it pays to walk away that under valuing your work
Posted: 2019-07-10 by Peter Bassill
The second post in my series from the darkened room; sometimes I walk away
-
Google Calendar Attacks Unsuspecting Mobile Users!
Posted: 2019-07-09 by Peter Bassill
A very sophisticated cyber phishing attack targets Gmail users through fraud and unwelcome Google Calendar notifications. This campaign takes advantage of a single common default feature for people using Gmail on their smartphone.
-
A nearly perfect SSH2 configuration to keep you secure
Posted: 2019-07-01 by Peter Bassill
On many vulnerability scans we see SSH being reported as a medium risk vulnerability due to insecure ciphers and poor configurations. In penetration tests we often find we are able to use SSH once we have a set of user credentials, especially where the ser
-
Securing Apache2 and how to secure your apache config
Posted: 2019-07-01 by Peter Bassill
Apache is probably the most common webserver used and despite there being well documented guides on how to secure apache, we come across web server header issues and very poor SSL configurations on a daily basis. To aid in the remediation, here is Peter Ba
-
How Serious was the FaceTime Risk
Posted: 2019-02-06 by Peter Bassill
On Monday the 21st of January an issue was identified with Apple's FaceTime application. How serious was the risk?
-
So you want to be a penetration tester
Posted: 2019-01-31 by Peter Bassill
Let's explore, as the CEO of a pentesting company, which emails and letters make it through my filters and which ones don't.
-
The difference between 5 million and 40 thousand
Posted: 2019-01-28 by Peter Bassill
A significant proportion of company leaders see Cyber Security as their biggest risk. Understanding the importance of good Cyber Security practices is relatively easy, determining how best to implement those practices isn't. That is where sometimes you nee
-
200 Million plus Chinese CVs Breach
Posted: 2019-01-22 by Peter Bassill
Recently, a database comprising over 200 million Chinese CVs was discovered online in a compromised position where it was laid bare for the dark web to devour. Naturally, it spilled explicitly detailed information
-
Fortnite security flaw exposed millions of users to being hacked
Posted: 2019-01-18 by Peter Bassill
A security vulnerability in Fortnite, the online game with more than 200 million users, exposed players to being hacked and even secretly recorded during play, a security research firm said.
-
Stupid and simple passwords from 2018
Posted: 2019-01-04 by Peter Bassill
Throughout 2018 I kept a note of all the passwords encountered across 103 onsite penetration tests I was engaged on or peer-reviewed. From all the passwords, two were extremely memorable.
-
Analysis of the worst passwords in 2018
Posted: 2019-01-02 by Peter Bassill
The majority of penetration tests will invariably reveal passwords of some sort from the user base, especially where that penetration test is done on a Windows network. So, as with last year we continue our annual review of the state of passwords.
-
Apache Howto - Hardening Apache
Posted: 2018-12-18 by Peter Bassill
In my last post I gave you an insight into how I perfect SSL security. In this post I am going to run through how I harden a production apache instance.
-
Apache Howto - Perfect SSL Security
Posted: 2018-12-17 by Peter Bassill
I often get asked for the best way to ensure perfect A or A level of SSL security on Apache web servers. So to answer that particular question, here is how I do it.
-
Why Clickjacking is bad and some pentest firms are wrong
Posted: 2018-11-07 by Peter Bassill
I work with a fair few ladies and gents who do bug bounties and while sitting on the beach during one of our hack on the beach sessions, I posed the question 'How friggin evil is clickjacking, PoC or GTFO.' The challenge was set, and here is what we decide
-
How to know if your child's smart toy has been hacked
Posted: 2018-06-25 by Peter Bassill
Digital technology has infiltrated every aspect of our lives and opened up our homes to hacking and other forms of criminal activity
-
GDPR and what we know about it so far
Posted: 2018-06-02 by Peter Bassill
We might have had two years to prepare for the introduction of the new General Data Protection Rules (GDPR) but it seems every business left it to the last possible minute before bombarding us all with opt-in emails and if you’re anything like me you use
-
Mobile Phishing attacks hit an all time high - how to stay safe
Posted: 2018-04-15 by Peter Bassill
According to new research by mobile security firm Lookout, mobile phishing attacks have risen by 85% every year since 2011!
-
How can you keep your Facebook data private
Posted: 2018-04-03 by Peter Bassill
The data of millions of users has been exploited by the British firm on behalf of political clients but surely it was only ever a matter of time before we were all used and abused by the highest bidders?
-
How smart is the smart tech movement
Posted: 2018-03-22 by Peter Bassill
As technology gets more advanced we all think about products that can make our life easier and more secure
-
Equifax reveal the true cost of their breach
Posted: 2018-03-08 by Peter Bassill
When Equifax first announced, in September 2017, that they had been breached no one quite knew the full scale of the incident.
-
Local government hit by 98 million cyber attacks
Posted: 2018-03-05 by Peter Bassill
75% of councils do not provide any mandatory cyber-security training despite being hit by 98 million cyber-attacks over a five-year period.
-
Cybersecurity: What we learned in 2017
Posted: 2018-03-03 by Peter Bassill
With 2018 just days old it's time to reflect on what proved to be another busy year in the world of cybersecurity.
-
Data breaches hit a record high
Posted: 2018-02-15 by Peter Bassill
We knew 2017 was a big year in terms of identity fraud, with headlines being made week after week and month after month. Now it's official, it hit an all-time high in 2017 up 8% on the previous year.
-
Identity theft numbers are at the highest levels ever
Posted: 2018-02-15 by Peter Bassill
We knew 2017 was a big year in terms of identity fraud, with headlines being made week after week and month after month. Now it's official, it hit an all-time high in 2017 up 8% on the previous year.
-
What to do if you have been hacked
Posted: 2018-02-08 by Peter Bassill
Finding out you've been hacked is a scary prospect, not least because most people don't really know what it means, just that it sounds serious.
-
Spectre and Meltdown: What it really means
Posted: 2018-01-08 by Peter Bassill
Over the past few days, you will have heard of the new vulnerabilities affecting Intel and AMD processors, but what does it really mean?
-
BYOD policy: Good or bad for business
Posted: 2017-12-17 by Peter Bassill
New research by Apricorn, into USB use, found that 80% of workers use non-encrypted USB drives on their work computers, which got us thinking about the potential dangers that could be lurking in your office every day.
-
Trump named as the Worst Password Offender
Posted: 2017-12-08 by Peter Bassill
2017 has been quite a year for hacking headlines and data breaches and it seems that despite all the warnings and advice some people, who really should know better, are still putting themselves and others at risk.
-
What to do if you are the victim of a data breach
Posted: 2017-02-12 by Peter Bassill
It seems that every day there’s another story about a data breach, with innocent people the world over having their personal information released online – so would you know what to do if you were a victim?
-
Stupid and simple passwords from 2017
Posted: 2017-01-05 by Peter Bassill
Throughout 2017 I kept a note of all the passwords encountered across 71 onsite penetration tests I was engaged on or peer-reviewed.
-
Unprecedented breach at Tesco Bank
Posted: 2016-11-08 by Peter Bassill
On Sunday, Tesco Bank confirmed that 9000 customers had had funds removed from their accounts, in an attack which the banking regulator has described as "unprecedented in the UK".
-
Nearly half of all UK businesses hit by security breach
Posted: 2016-05-16 by Peter Bassill
Research, released by the UK government, found that 43% of all businesses have been hit by a breach in the last 12 months, with that number rising to 66% among larger companies.
-
Patching humans - important or not
Posted: 2016-01-16 by Peter Bassill
In 2009, back when I was the Chief Information Security Officer for Gala Coral Group, I wrote that one of the hot topics for many Chief Information Security Officers was reducing the potential for Data Loss.
-
Monitoring script written in bash
Posted: 2015-10-05 by Peter Bassill
Standard monitoring script for Linux servers.
-
5 Things You Should Know about PCI DSS Penetration Testing
Posted: 2015-06-28 by Peter Bassill
The Payment Card Industry Data Security Standard, commonly shortened to PCI-DSS, was introduced to provide a minimum degree of security when it comes to handling customer card information. While the standard has been around for over a decade, specific requ
-
Passwords Cyber Security Awareness
Posted: 2015-06-22 by Peter Bassill
Passwords are key to good Cyber Security. October is National Cyber Security Awareness Month, and in this series of blogs we will be providing simple tips and tricks to help you and your staff remain ever vigilant against the threats that criminal
-
Cyber Protection for your business
Posted: 2015-01-18 by Peter Bassill
We are living in interesting times as far as information security is concerned. Does it not seem that every few months a large multinational or well established British brand/individual appear to have been the victims of hackers
-
Fixing RSA Keys Less Than 2048 bits
Posted: 2015-01-01 by Peter Bassill
Fixing RSA Keys Less Than 2048 bits
-
Contact form 7 vulnerability found by Hedgehog
Posted: 2014-02-26 by Peter Bassill
The Contact Form 7 vulnerability was discovered by Hannah Sharp during a routine penetration test of our own website following the deployment of the latest plugin updates.
-
Fixing SSL RC4 Cipher Suites Supported (Bar Mitzvah)
Posted: 2009-06-14 by Peter Bassill
This vulnerability is caused by an RC4 cipher suite present in the SSL cipher suite. Fixing this is simple.
-
How to fix weak cipher suites vulnerability
Posted: 2009-03-24 by Peter Bassill
This vulnerability is caused by a weak strength cipher being present in the SSL cipher suite. Weak strength is defined within Nessus as any cipher that is less than 64-bit. Fixing this is simple.
-
Why is Penetration Testing Important
Posted: 2009-03-22 by Peter Bassill
There are a number of reasons why Penetration Testing is important. In this article we will explore why penetration testing is important.
-
Fixing SSL Medium Strength Cipher Suites Supported
Posted: 2009-01-01 by Peter Bassill
This vulnerability is caused by a medium strength cipher being present in the SSL cipher suite. Medium strength is defined within Nessus as any cipher that is between 64-bit and 112-bit or is 3DES.
-
Web Application Potentially Vulnerable to Clickjacking
Posted: 2009-01-01 by Peter Bassill
A very common issue seen in vulnerability scan reports and to an extent, on Penetration Tests. The risk posed by clickjacking varies by who you talk to. For example, Hacker1 say it isn't important at all and can be ignored. We believe that as