Like many management systems, WordPress offers extensions to its core functionality that are created by the community and third-party providers. While these extensions are essential for the thriving WordPress ecosystem, the influx of new code introduces fresh vulnerabilities. Prism Infosec assessed several open-source extensions and found a number of issues that could pose a risk […]
Our Cyber Maturity Assessment is mapped to the National Institute of Standards and technology (NIST) Cybersecurity Framework and covers all five core areas (identify, protect, detect, respond and recover) with maturity graded using five maturity rankings (initial, developing, defined, managed or optimised). Our team of GRC specialist consultants carry out interviews, review documents, and observe current practices […]
In the world of cybersecurity, the saying goes: people are your first line of defence. Empowering employees through comprehensive cybersecurity training, companies can prevent cyber attacks caused by human error. There’s a great deal of FUD (fear, uncertainty and doubt) spread about by the security industry concerning the threats facing the business but the truth […]
Cyber security consultant Prism Infosec, which has offices in Cheltenham and Liverpool, has welcomed Bradley Knight as its new chief operating officer (COO). Knight holds a forensic computing and security degree from Bournemouth University and worked most recently at Resillion as operations director for UK Cyber. Before that role, he led the offensive security team at MTI […]
Phil Robinson Explores why Failing to document risk leaves businesses vulnerable to cyber threats and costly consequences. Understanding risk and its potential impact can help the business prepare for and survive the realization of its worst fears. It’s a pre-emptive measure and can head off threats and provide a way to control those risks continuously. […]
Last month (September 2023), Google reported that a newly discovered security issue in Google Chrome had been found, it described as a ‘heap buffer overflow in WebP within Google Chrome’ and tracked under CVE-2023-4863. This was first thought to be just another minor bug found within the browser – something to be addressed in a future […]
Prism Infosec recently identified two high risk vulnerabilities within the ABB Aspect Control Engine affecting versions prior to 3.07.01. The two vulnerabilities discovered could result in remote code execution (RCE), and privilege escalation within ABB’s Aspect Control Engine software. Background During a recent security testing engagement, Prism Infosec discovered an ABB Aspect Appliance through traditional […]
Introduction to CVE-2023-23397 On 14th of March, Microsoft released a security advisory, detailing CVE-2023-23397, a privilege escalation vulnerability, affecting various versions of Microsoft Outlook. The vulnerability has been assigned a CVSS:3.1 score of 9.8 (CRITICAL). The vulnerability allows a remote, unauthenticated attacker to access a victim’s Net-NTLMv2 hash by sending a tailored email to a compromised […]
On the 14th February 2023, Microsoft released a security advisory detailing CVE-2023-21716 – a Remote Code Execution (RCE) vulnerability affecting a variety of Office, SharePoint, and 365 Application versions. The vulnerability has been assigned a CVSSv3.1 score of 9.8 (CRITICAL), given the ease of exploitability and minimal victim interaction required. Given that there is now PoC […]
Threats to the business can come in various forms but by far the most common and significant is a data breach. Usually leveraged via a successful phishing or spear phishing attack, this then results in either sensitive information (such as a username and/or password) being disclosed or a compromise of target endpoints such as laptops or mobile […]