LATEST CYBER SECURITY NEWS AND VIEWS

Home > News

Prism Infosec Achieves STAR-FS Accreditation

Posted on

We’re thrilled to announce that Prism Infosec is now an accredited provider of STAR-FS (Simulated Targeted Attack & Response assessments for Financial Services), the threat-led penetration testing and red teaming framework launched by the Bank of England, PRA, and FCA this year for the UK finance sector. The STAR-FS scheme represents a significant step forward […]

Read full post

Red Team Scenarios – Modelling the Threats

Posted on

Introduction Yesterday organisations were under cyber-attack, today even more organisations are under cyber-attack, and tomorrow this number will increase again. This number has been increasing for years, and will not reverse. Our world is getting smaller, the threat actors becoming more emboldened, and our defences continue to be tested. Any organisation can become a victim […]

Read full post

Red Teams don’t go out of their way to get caught (except when they do)

Posted on

Introduction In testing an organisation, a  red team will be seeking to emulate a threat actor by achieving a specific goal – whether that is to gain administrative control of the network and prove they can control backups (a kin to how many ransomware operators work), through to proving access to financial systems, or even […]

Read full post

To you it’s a Black Swan, to me it’s a Tuesday…

Posted on

Cybersecurity is a discipline with many moving parts. At its core though, it is a tool to help organisations identify, protect, detect, respond, and recover, then adapt to the ever-evolving  risks and threats that new technologies, and capabilities that threat actors employ through threat modelling. Sometimes these threats are minor – causing annoyance but no […]

Read full post

The Value of Physical Red Teaming

Posted on

Introduction In testing an organisation, a red team will be seeking to emulate a threat actor by achieving a specific goal – whether that is to gain administrative control of the network and prove they can control backups (a kin to how many ransomware operators work), through to proving access to financial systems, or even gaining […]

Read full post

Red Teams – Supporting Incident Response

Posted on

Unauthorised access into remote computers has been around since the 1960s but since those early days organisations and their IT systems have become complex, and that complexity is increasing at an exponential rate, making securing those systems increasingly difficult. Defence mechanisms like firewalls, antivirus software, and monitoring systems have become essential, but they aren’t enough […]

Read full post

Flawed Foundations – Issues Commonly Identified During Red Team Engagements

Posted on

Cybersecurity Red Team engagements are exercises designed to simulate adversarial threats to organisations. They are founded on real world Tactics, Techniques, and Procedures that cybercriminals, nation states, and other threat actors employ when attacking an organisation. It is a tool for exercising detection and response capabilities and to understand how the organisation would react in […]

Read full post

WordPress AI Plugins: Tell me a secret 

Posted on

In our previous blog ‘WordPress Plugins: AI-dentifying Chatbot Weak Spots’ (https://prisminfosec.com/wordpress-plugins-ai-dentifying-chatbot-weak-spots/) a series of Issues were identified within AI related WordPress plugins:   Today, we will be looking at further vulnerability types within these plugins that don’t provide us with the same adrenaline rush as popping a shell, but clearly show how AI plugins are being rushed […]

Read full post

Why CISOs Need an Adversarial Mindset in Cybersecurity

Posted on

Chief Information Security Officers (CISOs) are tasked with safeguarding an organisation’s most valuable assets: its data, intellectual property, and reputation. The role of a CISO has evolved from being an overseer of IT security to a strategic leader who must: anticipate and mitigate complex cyber threats, act as the board’s expert in cybersecurity matters which […]

Read full post

Linux RCE – Critical Vulnerability (CVE9.9) in CUPS – Security Awareness Messaging

Posted on

An inadvertent data leak from a GitHub push update identified an RCE in the Linux Common Unix Printing System (CUPS) service, as an unauthenticated Remote Code Execution vulnerability with a CVE score of 9.9. The vulnerabilities: CUPS and cups-browsed (a service responsible for discovering new printers and automatically adding them to the system) ship with […]

Read full post

FILTER RESULTS

Latest tweets

Data #leakage is just one of numerous risks associated with #GenAI necessitating the use of an #AI #risk framework, as Phil Robinson explains via  @governance_and. #cybersecurity

We interview Phil Robinson, Principal Security Consultant and Founder at @prisminfosec, who shares his views on ethical hackers and the latest ransomware trends.

Sign up to our newsletter

  • Fields marked with an * are mandatory

  • This field is for validation purposes and should be left unchanged.