LATEST CYBER SECURITY NEWS AND VIEWS

Home > News

Prism Infosec Hires Bradley Knight in the Role of Chief Operating Officer

Posted on

Cyber security consultant Prism Infosec, which has offices in Cheltenham and Liverpool, has welcomed Bradley Knight as its new chief operating officer (COO). Knight holds a forensic computing and security degree from Bournemouth University and worked most recently at Resillion as operations director for UK Cyber. Before that role, he led the offensive security team at MTI […]

Read full post

Why Failing to Document Risk is a Risky Strategy

Posted on

Phil Robinson Explores why Failing to document risk leaves businesses vulnerable to cyber threats and costly consequences. Understanding risk and its potential impact can help the business prepare for and survive the realization of its worst fears. It’s a pre-emptive measure and can head off threats and provide a way to control those risks continuously. […]

Read full post

WebP’s Weak Spot: Unveiling the Hidden Vulnerability

Posted on

Last month (September 2023), Google reported that a newly discovered security issue in Google Chrome had been found, it described as a ‘heap buffer overflow in WebP within Google Chrome’ and tracked under CVE-2023-4863. This was first thought to be just another minor bug found within the browser – something to be addressed in a future […]

Read full post

Privilege Escalation and RCE Vulnerabilities for Multiple ABB Appliances [ASPECT, Matrix, Nexus]. (CVE-2023-0635 / CVE-2023-0636)

Posted on

Prism Infosec recently identified two high risk vulnerabilities within the ABB Aspect Control Engine affecting versions prior to 3.07.01. The two vulnerabilities discovered could result in remote code execution (RCE), and privilege escalation within ABB’s Aspect Control Engine software.  Background During a recent security testing engagement, Prism Infosec discovered an ABB Aspect Appliance through traditional […]

Read full post

Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)

Posted on

Introduction to CVE-2023-23397 On 14th of March, Microsoft released a security advisory, detailing CVE-2023-23397, a privilege escalation vulnerability, affecting various versions of Microsoft Outlook. The vulnerability has been assigned a CVSS:3.1 score of 9.8 (CRITICAL).  The vulnerability allows a remote, unauthenticated attacker to access a victim’s Net-NTLMv2 hash by sending a tailored email to a compromised […]

Read full post

Microsoft Word Remote Code Execution Vulnerability (CVE-2023-21716)

Posted on

On the 14th February 2023, Microsoft released a security advisory detailing CVE-2023-21716 – a Remote Code Execution (RCE) vulnerability affecting a variety of Office, SharePoint, and 365 Application versions. The vulnerability has been assigned a CVSSv3.1 score of 9.8 (CRITICAL), given the ease of exploitability and minimal victim interaction required.  Given that there is now PoC […]

Read full post

How to Protect the Business Against a Data Breach/Ransomware

Posted on

Threats to the business can come in various forms but by far the most common and significant is a data breach. Usually leveraged via a successful phishing or spear phishing attack, this then results in either sensitive information (such as a username and/or password) being disclosed or a compromise of target endpoints such as laptops or mobile […]

Read full post

CVE-2022-34001 – XML External Entity (XXE) in Unit 4 ERP 7.9 (Also Known As “Agresso”)

Posted on

Prism Infosec Identified an XXE vulnerability within Unit4’s Enterprise Resource Planning (ERP) software. This has been assigned CVE-2022-34001. Unit4’s ERP software is a well-known enterprise management suite, which includes financial and project management tools. Prism Infosec discovered a blind XXE within a specific function of the ERP software. This would allow an authenticated attacker to […]

Read full post

What is the PSTI and will it improve IoT security?

Posted on

By Phil Robinson The new Product Security and Telecommunications Infrastructure (PSTI) Bill currently going through parliament comprises two parts. The first aims to put in place safeguards to regulate the secure design of the Internet of Things (IoT) while the second will ensure broadband and 5G networks are gigabit-grade. It’s the first part that has caused a […]

Read full post

Prism Infosec Exhibiting at the NCSC’s Flagship Event CYBERUK22

Posted on

Prism Infosec is delighted to announce that it will be exhibiting at the NCSC’s CYBERUK 2022 conference, in Newport on the 11th and 12th of May 2022 on stand A29. For more information on the conference see the NCSC website and agenda. Do come and visit our stand for a chat and to learn more […]

Read full post

FILTER RESULTS

Latest tweets

Data #leakage is just one of numerous risks associated with #GenAI necessitating the use of an #AI #risk framework, as Phil Robinson explains via  @governance_and. #cybersecurity

We interview Phil Robinson, Principal Security Consultant and Founder at @prisminfosec, who shares his views on ethical hackers and the latest ransomware trends.

Sign up to our newsletter

  • Fields marked with an * are mandatory

  • This field is for validation purposes and should be left unchanged.