LATEST CYBER SECURITY NEWS AND VIEWS

Home > News

Let’s Go Phishing

Posted on

Phishing

Prism Infosec’s security consultant Kian J, provides a detailed account of a successful simulated phishing attack

Read full post

ICO data reveals sharp rise in attacks

Posted on

Cyber Trends

Recent data from the Information Commissioner’s Office (ICO) Data Security Trends Analysis Q1 2021-22 (capturing incidents for the period 1 April – 30 June 2021) reveal there’s been a sharp rise in specific cyber attacks as attackers seek to capitalise on the disruption caused by the pandemic and working from home (WFH). The biggest leap […]

Read full post

Threats and priorities for 2022

Posted on

Phil Robinson, December 23rd 2021 Many businesses will still be grappling with the seismic shifts of the pandemic as they eye 2022. The rush to roll-out systems to support home working and to activate virtual versions of real-world business channels saw unprecedented digital transformation equivalent to years achieved in just a few months. But this […]

Read full post

Apache ‘Log4Shell’ Log4j (version 2) vulnerability (CVE-2021-44228)

Posted on

Our teams are actively responding to the Log4Shell (or LogJam) 0-day threat which has been reported in the Apache Log4j 2 Java library and has been awarded a severity rating of 10 out of 10 by NIST.  We are alerting customers to systems and services that may potentially be impacted and assisting with the investigation and remediation of any […]

Read full post

Alexis V elected to CREST-EU Council

Posted on

We’re proud to announce that Alexis V, Senior Security Consultant at Prism Infosec, has been elected to the newly formed CREST-EU Council.  CREST, an international not-for-profit accreditation and certification body that represents and supports the technical information security market, announced its intention to form the Council and an EU Chapter at the end of October. Due to meet in the […]

Read full post

Was the NSA’s Cyber Security director right to say attackers know networks best?

Posted on

By Phil Robinson There was an interesting spat on Twitter during September when Rob Joyce, Cyber Security Director of the National Security Agency, disputed the notion put forward by security researcher @RayRedacted that “Defenders think in lists, attackers think in graphs”. (Presumably suggesting that defenders are preoccupied with tick lists and compliance while attackers are looking at the data […]

Read full post

No Shell? No Problem!

Posted on

Enumerating internal networks via ssh-tunnels, Alexis V, November 2021 On a recent engagement, we were tasked to assess the security of an Secure File Transfer Protocol (SFTP) server. We were provided with a regular account to facilitate the file uploads, and so proceeded to work our way through the common checks. We tried to: Log […]

Read full post

Apache Webserver Directory Traversal Vulnerability (CVE-2021-41773)

Posted on

CVE-2021-41773 Apache Web 0day  A new apache 0day vulnerability has just been announced that affects Apache version 2.4.49. “A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root.” Further information can […]

Read full post

Prism Infosec Statement on NPCC Police CyberAlarm

Posted on

Operated by the National Police Chief’s Council (NPCC) and Pervade Software, the Police CyberAlarm service is a free tool to assist organisations with monitoring malicious cyber activity.  The service helps to detect and provide regular reports of suspected malicious activity, enabling organisations to respond to potential cyber attacks.  The NPCC and Pervade Software engaged Prism […]

Read full post

Prism Infosec Information & Cyber Security Forum

Posted on

From May 2020, Prism Infosec has been running quarterly cyber security forums for security leaders across our client base.   We created this forum to allow our clients the opportunity to connect, discuss and exchange experiences on common cyber security challenges, and that this shared experience would help our clients as they navigate the security […]

Read full post

FILTER RESULTS

Latest tweets

Data #leakage is just one of numerous risks associated with #GenAI necessitating the use of an #AI #risk framework, as Phil Robinson explains via  @governance_and. #cybersecurity

We interview Phil Robinson, Principal Security Consultant and Founder at @prisminfosec, who shares his views on ethical hackers and the latest ransomware trends.

Sign up to our newsletter

  • Fields marked with an * are mandatory

  • This field is for validation purposes and should be left unchanged.