Kerberos: Enumerating Domain Usernames
Enumerating domain account names
Welcome to a technical blog post for Penetration Testers by our Principal Security Consultant, Matt Byrne. In recent years, enumerating valid operating system level user names from up-to-date, well maintained Windows environments, even from an internal test perspective, has become increasingly unlikely. Where RID cycling once provided a full list of domain users, this is no longer the case. However, for internal assessments, the Kerberos service (88/tcp) still …
The General Data Protection Regulation FAQs
The rights of adults and children under the GDPR
Help implementing the GDPR and safeguarding personal data
Browse our GDPR Implementation page to see how we can help you or click here to contact us. We’d be glad to help.
Make the most of your Penetration Test
Perspective Risk’s Penetration Tester Tom Sherwood shows you how to make the most of your pen testing by taking care of some security basics yourself. Your testers’ time will be used to better effect and you’ll gain more from your investment. Here we look at 5 ways you can carry out simple hardening of your servers.
1. Keep Your Servers’ Operating Systems Updated
Keeping your servers’ operating systems up …
Part 5:5 Running unsupported operating systems and applications on your network
During Pen Test engagements, our Cyber-Security specialists consistently encounter the same security weaknesses. Five risks to organisations hold top position, whatever their sector or scale. In this fifth and final part of our blog series by PR’s Marius Cociorba, we look at the dangers of running unsupported operating systems or software on your network.
Microsoft Windows Server 2003 security
Although support for Microsoft Windows Server 2003 ended …
Part 4:5 Storing Data as Clear Text
Storing data in the clear
During a pen test, our InfoSec experts usually report the same security dangers, whatever the client size or type. In this weekly series, we explore five common vulnerabilities and share practical advice you can follow today. In this 4th part, we address the risks of storing passwords and other sensitive data as clear text.
We use encrypted hard drives, data must be protected, right?
Once …
Part 3:5 Lack of Network Segregation
Among the range of services we provide at Perspective Risk, penetration testing is a popular choice with our clients, from blue chips to SMEs. Regardless of their security posture, our testers regularly record the same issues. In this 5-part blog series, we share what those issues are alongside straightforward guidance to avoid them. In this 3rd part we highlight the importance of network segregation on the internal domain. Suggestions for …
Part 2:5 Dangerous Default Credentials – secure your network
We regularly conduct network penetration tests for clients large and small, whose security capabilities span the spectrum. Despite the diversity of our customer base, we frequently encounter the same vulnerabilities, the consequences of which can be bad news for an organisation’s security posture. In this series we address the 5 commonest network security issues together with practical advice you can apply today. In this 2nd part we …
Part 1:5 Weak password policies – improve your network’s security
Here at Perspective Risk, we run frequent network penetration tests for clients of all sizes and security capabilities. We observe certain issues cropping up time and time again, which can significantly affect a business’ security posture. During this series we will cover the top 5 issues we most commonly find, together with some simple remediation advice you can follow that should make a difference. This 1st …
Perspective Risk (PR) is at the Law Firms and Cyber-Attack Conference in London on the 5th of October. The event is connecting more than 150 legal professionals from across the UK with Information Security experts. Law firms are an attractive target to cyber-criminals, evidenced by the attack on Mossack Fonseca, the law firm at the centre of the Panama Papers scandal. PR’s theme, ‘How not to be the next Mossack Fonseca’, will give delegates the inside view …
Part 5: 5 phishing tactics threatening UK businesses
In our final phishing series post, we look at phishing emails designed with one purpose in mind: identity theft. When we receive an email from Facebook, LinkedIn, Amazon or Apple, our initial reaction is to believe it as we trust the source. Cyber criminals understand the psychology of trust and seek to exploit it through phishing cons. It can take less than 5 minutes to create an authentic-looking phishing email …
Part 4: 5 phishing tactics threatening UK businesses
So far in this series of phishing awareness blogs we’ve looked at CEO Fraud, malicious attachments and malicious links. The previous two posts explored the techniques deployed by cyber criminals to infect recipients’ systems with malicious software. Today’s blog looks at ransomware. Increasingly, cyber criminals are commercialising malware to blackmail their victims. This type of malware is called ransomware. Since the first cases in Russia 10 years ago, ransomware has evolved rapidly, becoming a lucrative practice for cyber criminals across the globe. The attackers send emails with …
Part 3: 5 phishing tactics threatening UK Businesses
Welcome back to our series of blog posts focussing on phishing, a method of social engineering costing UK businesses £millions every year. In our first post we looked at CEO Fraud. In the second we shared examples of phishing emails with malicious attachments. Staying on the topic of malicious software, this post looks at phishing emails containing a link which, if clicked, installs malware. The tactics used by cyber criminals can be ingenious. For example, there is a rise in watering hole attacks. Hackers …
New Trojan found – Shakti modifies Windows settings to steal files
Perspective Risk’s Cyber Security expert Sasha Raljic explores Shakti, a Trojan threat, in this blog post. Shakti is a data exfiltration Trojan. It emerged a few days ago when it was sent to Bleepingcomputer.com by one of their readers. On closer inspection, it was discovered that this type of Trojan searches for particular file types on the victim’s computer and uploads them to a central server. There are many indications that this Trojan was developed …
Part 2: 5 phishing tactics threatening UK businesses
In the first of our series of blog posts we gave an example of CEO Fraud. In this second blog we’re focussing on emails containing malicious attachments. We’ve all experienced arriving home from work to be greeted by a ‘We failed to deliver your parcel’ card on the doormat. The anxiety of losing that precious package typically has us rushing to the parcel depot at the first opportunity. In February this year, email scammers exploited the same emotional drivers in an email to FedEx customers. The email claimed that …
Part 1: 5 phishing tactics that are threatening UK Businesses
As IT departments tighten their network security, cyber criminals are now focusing on the next weak link in business defences – employees. Of the 95,000 phishing email scams reported by Action Fraud in 2015, many were tailored to fool company staff, leading to malware and ransomware infections, as well as data and financial theft. In this series of blog posts we’ll look at five types of …
The Directors of Perspective Risk Ltd are delighted to announce the appointment of Oscar O’Connor as a Non Executive Director of the company.
Industry Experience
Oscar brings a wealth of experience in business leadership, marketing and service development as well as being a recognised expert on information assurance, business continuity, cyber security and programme management, designing, mobilising and managing major programmes of transformational change. He has worked across Europe, the Middle-East, North Africa and the United States, …
The Cloud – advantages and pitfalls
‘The cloud’ is the term given to the provision of services and applications hosted on the Internet, instead of traditionally on business premises. Cloud computing gives individuals and businesses the ability to store and process their information in third-party data centres, with the much-advertised benefits of getting their applications up and running quickly, as well as improved manageability and reduced downtime. This enables businesses to rapidly fine-tune resources in response …
Perspective Risk (PR) is pleased to announce it has been recognised as a highly innovative digital business by the Innovation and Enterprise Digital Fund (INV-ENT Digital). PR was chosen to receive a funding award based on an innovative digital solution in a highly competitive and oversubscribed selection process. “The new portal will provide our clients with fast, seamless access to the comprehensive range of professional services offered by PR, whilst still giving the high level of …
Title: Thinfinity Remote Desktop Workstation Directory Traversal Flaw
Version: Thinfinity Remote Desktop Workstation v.126.96.36.199
Vendor: Cybele Software, Inc
Release Date: 01/04/2015
Thinfinity vulnerability summary
Thinfinity Remote Desktop Workstation was found to be vulnerable to an unauthenticated directory traversal flaw.
Impact of the Thinfinity vulnerability
Exploiting this flaw allows an adversary to gain unrestricted access to system resources on the affected host as the service runs in the context of Local System (by default).
Unaffected Thinfinity Products
Thinfinity …
Overview
The information security field has been lit up over the last few hours discussing “Shellshock”, the next Heartbleed-type vulnerability (in terms of severity). The jury is still out as to whether this is worse, but it’s certainly looking to be at least as bad as Heartbleed at this stage in proceedings.
In the Wild
Perspective Risk has already identified scan attempts looking for the vulnerability, albeit from a security researcher conducting an assessment of the …
We are Perspective Risk
Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.
Our penetration testing, pen testing, pen tests and cyber security testing have proven time and time again to be an effective security assessment of business IT infrastructure.
Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.