Perspective Risk Discovers Vulnerability in Popular SIEM Product EventLog Analyser is log management, auditing and compliance software. During our internal security engagements, we frequently encounter ManageEngine products which are often used to enumerate a great deal of information. Historically, ManageEngine’s product offering has suffered from some serious vulnerabilities, as is evident from the number of CVEs (common vulnerabilities and exposures) assigned. As a low privileged user, it is possible to take advantage of the “Import Log Data” … Read More »
Is Remote Working Compromising Your Cybersecurity? In the understandable rush to enable remote working, many organisations are – in the face of the immense pressures – neglecting security hardening. This technical blog post by our Principal Security Consultant, Sash Raljic, outlines the risks of functionality over security and shares insights and advice. The coronavirus pandemic has fundamentally changed the way workers are accessing corporate information. While many companies are already familiar with the remote working process … Read More »
Remote Security Assessments of Internal Systems, Applications and Infrastructure In response to the coronavirus crisis and an increased demand for remote working, the team at Perspective Risk has quickly developed a bespoke remote testing solution. This allows our consultants to carry out internal security assessments from remote locations. The solution is simple, secure and cost-effective, offering our clients the ability to test their internal systems and applications without the additional expenditure that onsite tests can incur. What … Read More »
Get the Lowdown on the Big Changes to the Cyber Essentials Scheme Whether you have a Cyber Essentials (or Cyber Essentials PLUS) certification or are thinking of applying for one, we explain the sweeping changes you should know. What is the Cyber Essentials Scheme? Cyber Essentials (CE) is a UK Government information assurance framework under the umbrella of the National Cyber Security Centre (NCSC). Organisations can earn two levels of certification (badges): 1. Cyber Essentials – you … Read More »
Part Two: Our Guide to Cyber Attacks and how to Tackle Them Welcome to part two of our guide to cyber-attacks, where we list the common types to be aware of, alongside real-life examples and advice on tackling them. You can jump to part one here. Man-in-the-Middle (MitM) Once upon a time not so very long ago, people wrote to one another. It was an era of Basildon Bond and billets-doux, before emails and texts. Now imagine … Read More »
Part One: Our Guide to Cyber Attacks and how to Tackle Them Welcome to part one of our guide to cyber-attacks, where we list the common types to be aware of, alongside real-life examples and advice on tackling them. No. 1 Phishing – Also Known as Social Engineering A while back, I made phishing phone calls (sometimes referred to as vishing) to test the vigilance of a financial services firm’s employees. As a Scottish woman, my colleagues … Read More »
The Business Case for Penetration Testing A penetration test, or a pen test, is a popular way to check the effectiveness of your organisation’s cybersecurity. Pen testing is typically done once or twice a year, or after any significant infrastructure or application changes. As one of the better-known cybersecurity services in the marketplace, pen-testing plays a crucial part in most security-conscious companies’ armouries. Here, we list five reasons to consider one for your business. No. 1. A … Read More »
The Seven Steps to Cybersecurity Nirvana You’ve done your homework; you’ve spent some time researching penetration testing companies and you think you’ve identified a good one. Maybe you used our previous blog to help: Think Your Organisation Needs a Penetration Test? Read This First. We hope you chose us, but if not, we hope you’ll read on anyway. Now you have a date for your pen test in your diary, you’ve done the hard part, right? Alas … Read More »
How to Make the Best Choice Are you a pen test newbie? Or perhaps you arranged a cyber penetration test in the past and didn’t receive the service you expected. If so, this blog will help you. FACT: Penetration testing isn’t cheap. The day rate for a penetration tester ranges from £600 to £3,000 with travel and (potentially) accommodation on top. But let’s put this into context; you’d pay triple to avoid the blindsiding consequences of a … Read More »
Mirus IT, the long-standing Milton Keynes-based, managed services provider is now part of the IT Lab group. This acquisition sees Mirus IT join Perspective Risk (acquired May 2017) and Content & Code (acquired in September 2018), in a business that now serves 890+ managed service clients, with a combined turnover that exceeds £75m. Making the announcement, IT Lab’s CEO, Peter Sweetbaum said: “We are delighted to welcome Mirus as part of the IT Lab group. Mirus is … Read More »
Perspective Risk’s Cyber Security Capabilities Commended Perspective Risk – an IT Lab company – awarded ‘Best Penetration Testing Specialists in England’ by AI Global Media. In our increasingly digitised world, no organisation is immune from cyber-crime. Penetration Testing – a simulated cyber-attack to check computer systems for vulnerabilities – is one of the most popular security services in the marketplace. We are delighted to announce our recognition as the best penetration testing specialist in England. “The Cyber … Read More »
TLDR A vulnerability was identified in a Samsung system app which allows external malicious applications to escape the protections of the Android sandbox and raise their privileges to that of the system (UID 1000) user. Background The Android Application Sandbox is an important security mechanism that isolates different app processes and their data by assigning them a unique Linux UID. As it is implemented at the kernel level of the Android OS, this security model extends to … Read More »
Same, Similar or Completely Different? In this concise article, we’ll break out the similarities and the differences between red team testing and penetration testing to answer the question regarding their effectiveness. We’ll also help you decide which is the best approach for your organisation. The first thing to acknowledge is that both red team testing and penetration testing have certain similarities – both are designed to uncover weaknesses in your security defences. However, they do differ considerably in … Read More »
Attackers, Defenders and a Referee A red team exercise is an “all-out” effort to penetrate an organisation’s security defences. The objective is to gain access to systems via physical breaches, computer networks, phone systems, RF (radio frequency) systems and employee manipulation. The concept derives from simulation exercises run in the military and mirrors a real-world attack scenario. It’s designed to expose shortfalls, vulnerabilities and loopholes. This exercise cuts through any vagueness or unfounded assumptions surrounding an organisation’s … Read More »
Make Sure You’re getting a Porsche and not a Lada Following on from our previous blog “A Convincing Argument for Penetration Testing”, let’s now look at how to successfully navigate a crowded marketplace and choose a penetration test provider shrewdly. There are hundreds of companies offering penetration tests in the UK. When you hand over the keys to your organisation (metaphorically speaking), how can you have confidence your penetration tester will apply the controls required to protect your sensitive … Read More »
Is Your Business Safe From Hackers? It’s possible a hacker is examining your business right now. He’s intelligent, he’s resourceful, and he’s looking to exploit any shortfalls he uncovers in your security measures. Whatever he finds, he’ll be sure to exploit it. The consequences might be negligible, or they could be catastrophic for business continuity. What will he find and what loss or damage to sensitive data might result? How costly would it be to your business … Read More »
The GDPR Is Coming The GDPR is coming. It’s everywhere – mainstream news, peppered across social media, and there are webinars and conferences aplenty. And yet one message is clear: many are not ready. Not nearly enough is being done and almost half of organisations that should have their ducks in a row have yet to make a start. But the GDPR is not new news. It came into force in 2016 and, as of today, two … Read More »
Metadata and the Risks to your Security Imagine the following scenario. A company not dissimilar to yours, let’s call it Thomson & Hardy Ltd, uploads a PDF of its product brochure to its website. It looks good, flawless in fact. Thomson & Hardy’s products are attractively set out, the copy word perfect. And why not, the business has a strict editorial quality control process, so it was rigorously checked before it was published. But wait, something’s missing. An … Read More »
Network Security: How You Can Improve It Today Some practical advice for system administrators from Perspective Risk’s network security expert Neil Gibb.* Post the recent WannaCry ransomware attack which struck at the heart of the NHS and big names in the private sector, it’s become clear that the basics of network security are often widely overlooked. This enabled a relatively old virus to be used against systems that should have been made secure a long time before. Of … Read More »
Passwords and Permissive Outbound Firewall Rules During security engagements, our consultants regularly encounter organisations vulnerable to password compromise. They find that while great care is often taken in relation to inbound firewall rules, outbound rule-sets are frequently overlooked. In the following scenario, PR’s Principal Security Consultant Matt Byrne demonstrates how permissively configured outbound firewall rules or “allow all” outbound firewall rules can result in the compromise of internal users’ credentials and potentially impact your wider internal network / domain. Permissive Outbound … Read More »
We are Perspective Risk
Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.
Our penetration testing, pen testing, pen tests and cyber security testing have proven time and time again to be an effective security assessment of business IT infrastructure.
Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.