The GDPR Is Coming
The GDPR is coming. It’s everywhere – mainstream news, peppered across social media, and there are webinars and conferences aplenty. And yet one message is clear: many are not ready. Not nearly enough is being done and almost half of organisations that should have their ducks in a row have yet to make a start. But the GDPR is not new news. It came into force in 2016 and, as of today, two …

Metadata and the Risks to Your Security
Imagine the following scenario. A company not dissimilar to yours, let’s call it Thomson & Hardy Ltd, uploads a PDF of its product brochure to its website. It looks good, flawless in fact. Thomson & Hardy’s products are attractively set out, the copy word perfect. And why not? The business has a strict editorial quality control process, so it was rigorously checked before it was published. But wait, something’s missing. An …

Network Security: How You Can Improve It Today
Some practical advice for system administrators from Perspective Risk’s network security expert Neil Gibb. Post the recent WannaCry ransomware attack which struck at the heart of the NHS and big names in the private sector, it’s become clear that the basics of network security are often widely overlooked. This enabled a relatively old virus to be used against systems that should have been made secure a long time before. Of …

Passwords and Permissive Outbound Firewall Rules
During security engagements, our consultants regularly encounter organisations vulnerable to password compromise. They find that while great care is often taken in relation to inbound firewall rules, outbound rule-sets are frequently overlooked. In the following scenario, PR’s Principal Security Consultant Matt Byrne demonstrates how permissively configured or “allow all” outbound firewall rules can result in the compromise of internal users’ credentials and potentially impact your wider internal network / domain. Permissive Outbound …

Ethical Hacking
Looking at what it takes to be an ethical hacker, by Perspective Risk’s cyber security pro and successful social engineer Marius Cociorba. In part one, we discussed the ethical hacker’s mindset in a security scenario. Here, we look at the fundamental skills an ethical hacker should develop and maintain to excel at finding security flaws. This is not intended as an exhaustive list. Instead, I have hand-picked a variety of good resources to get you started. …

Taking the Step Up to Cyber Essentials PLUS
Welcome to the fourth of our Cyber Essentials (CE) blog series. Here, Perspective Risk’s resident Cyber Essentials guru Tom Sherwood takes time out to talk all things Cyber Essentials PLUS. Let’s dive in! What’s the difference between Cyber Essentials and Cyber Essentials PLUS? Probably the most important decision when considering Cyber Essentials is whether to go for the standard Cyber Essentials (CE) certification or take the plunge and opt …

Umbraco CMS Unrestricted File Upload Vulnerability
Umbraco CMS Vulnerability Summary
Vendor: Umbraco
Version: Umbraco CMS v7.5.9
Release Date: 2nd June 2017
Umbraco CMS was found to be vulnerable to an unrestricted file upload flaw. Impact of the Umbraco CMS Vulnerability: exploiting this vulnerability enables an adversary to upload arbitrary malicious files to the underlying web server, resulting in the application becoming vulnerable to stored Cross-Site Scripting and client-side attacks. Umbraco CMS Vulnerability Technical Details: a number of …

Web Application Risks: SQL Injection
Welcome to the second of five posts on the top vulnerabilities found in vendor and bespoke web applications. Here, InfoSec Pro Kai Stimpson focuses on the second most common vulnerability we encounter – SQL Injection. You can catch the first post on broken authentication here. What is SQL injection? SQL (Structured Query Language) injection is a technique used for attacking data-driven apps. Despite having been around for nearly 20 years, it continues to pose a …

DontCry over WannaCrypt
If you’re reading this article it’s not because you’ve randomly stumbled across the hashtags “WannaCry”, “WCry”, “WannaCrypt”, “Ransomware” etc. It’s because you’re already aware of it. Now, what can we add to the hundreds of articles on the recent breach via ransomware and the NSA vulnerability/exploit MS17-010? To sum it up, these are the mediums currently discussing WannaCry:
Tweets
Articles
Blog posts
Newspaper columns
TV reports
Fail image shares across social media
Text messages
WhatsApp messages
…

No. 2: Identity Federation and User Identities in the Cloud
Greetings to the second of our five-part series addressing the top vulnerabilities and misconfigurations common in the cloud environment. Previously, InfoSec pro Sasha Raljic discussed accountability and data ownership in the cloud and the importance of determining the rightful data owners. Here, he looks at user identity federation and the importance of managing user identities across the cloud environment so that an appropriate level of access is …

Taking a Pragmatic Approach to the GDPR
The General Data Protection Regulation aims to harmonise and toughen minimum standards for protecting the personal information of EU citizens. It applies to any organisation doing business with EU member states, regardless of where it’s headquartered. Brexit, whether hard, soft or any other variant, will not affect the introduction of the regulations. Establishing how commercial, public and third sector organisations approach compliance with the new law in time for May …

Remote Desktop Service (RDS)
Greetings to the second of our Reducing Your Risks blog series. Written by PR’s team of Penetration Testers with a combined experience of 25-plus years, we look across the spectrum of IT risks and offer tips to improve your organisation’s security. Here, we address Remote Desktop service vulnerabilities, the common threats, and how to guard against them. Remote Desktop service (RDS), known as Terminal Services in Windows Server 2008 and earlier, is a …

SSL / TLS Certificate Security
Welcome to the first of our Reducing Your Risks blog series, where we address a range of security vulnerabilities and share best practice to protect your organisation from threat actors. Here, our senior cyber security pro Abdul Ikbal looks at common SSL / TLS certificate weaknesses, the risks, and what you can do about them. SSL (Secure Sockets Layer): if you’re still using SSL v3 or below, I feel bad for you son, you …

The Cyber Essentials Scan
Hello and welcome to the third of our Cyber Essentials (CE) blog series, where we help you improve your chances of Cyber Essentials certification. As an external certifying body, we encounter common errors which can result in a disappointing fail. In our previous post we provided guidance on the Cyber Essentials Questionnaire. Here our Cyber Security pro Abdul Ikbal discusses the next stage: the Cyber Essentials scan. What is the Cyber Essentials Scan? The …

The Cyber Essentials Questionnaire
Greetings to the second part of our Cyber Essentials (CE) series. Here, our infosec specialist Abdul Ikbal shares some quick advice on the Cyber Essentials Questionnaire. Cyber Essentials is a UK government endorsed standard. It demands compliance with a range of security measures that afford protection against common threats. Certification demonstrates to the wider world that information security is important to you and reassures those whose data you manage. The first stage towards …

Ethical Hacking
Welcome to the first of a series of posts addressing what it takes to be an ethical hacker, written by Perspective Risk’s Penetration Tester Marius Cociorba. Each week he discusses one element he considers key to being a security consultant, especially in the context of pen testing. References to further reading are included where helpful. Volumes have been written about careers in the infosec industry, many of which influenced Marius when he began his journey in …

Pentesting – A Guide to Buying
What to check before purchasing a Penetration Test. As a first time buyer looking for a pentesting provider, or perhaps a second time buyer with lightly toasted fingers, what criteria should you use when selecting a penetration testing company? Choosing a pentest supplier can present a risk in itself. In our Buyer’s Guide for Penetration Testing, we help you to navigate your way across the potentially choppy waters and advise on: …

The Cyber Essentials Assessment
Welcome to the first of our Cyber Essentials (CE) series, where our sysadmin Neil Gibb tackles the unattractively named Bloatware and shows why it’s a barrier to valuable CE certification. Preparing your corporate network for the Cyber Essentials or Cyber Essentials Plus assessment can be daunting, and often presents more questions than answers. In this series we set out to answer the common questions. We’ll share practical, step-by-step guidance and help you on your journey …

Your Digital Privacy – Whose Responsibility Is It Anyway?
Welcome to this blog post by one of PR’s data protection experts, under his pen name Fin McIntyre. The main problem in the digital world right now is you. Cast your mind back (or, if you’re a millennial, imagine) to a time when the biggest risk to your personal information was leaving your wallet on the bus, not falling victim to cyber crime and having it sold off on …

No. 1: Accountability and Data Ownership in the Cloud
Welcome to the first of five posts addressing the security of your data in the cloud by Perspective Risk’s cyber risk specialist Sasha Raljic. The beginning of March saw Amazon’s Web Services in meltdown. In simple terms, this meant its business customers – circa 350,000 organisations – were stymied. Websites, back-end storage, apps and Internet of Things gadgets relying on the platform were summarily knocked offline for five …

We are Perspective Risk
Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.
Our penetration testing and cyber security testing have proven time and time again to be an effective security assessment of business IT infrastructure.
Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.