Why Vulnerability Management is difficult and expensive … and how to improve it "The problem isn't too little data—it's too little understanding." — Philip Harragan, CEO, Rebasoft Sections: >> Cybercriminals don’t care if you’re small >> Everything and Nothing Has Changed >> The Signal-to-Noise Crisis >> Where Rebasoft Fits In Cybercriminals don’t care if you’re small If your organisation uses IT, you are at risk from today’s cyber criminals as a global 500 organisation. Their automated hacking systems look [...]

Improved Cybersecurity using asset intelligence This post gives a short overview for CIO/CTO/CISO management looking to improve cybersecurity defences. "A riddle wrapped in a mystery inside an enigma", Winston Churchill, c. 1939 Today’s cybersecurity breaches largely result from the unexpected and the unknown. The complexity and rapid evolution of technology contribute to the challenge of maintaining security. Unlike Churchill's quote, understanding and addressing cybersecurity weaknesses need not be difficult. In fact, if you can see it, you can secure [...]

How Rebasoft maps to NIS2 NIS2 is an updated version of the original NIS Directive, designed to address the growing evolving threats of cybersecurity. It mandates that operators of essential services (OES) and digital service providers (DSPs) implement robust security measures and report cybersecurity incidents to the relevant authorities. What is the NIS2 Directive? The NIS2 Directive is EU-wide cybersecurity legislation that extends the scope of the original NIS Directive. It now covers a wider range of entities and [...]

The Risks of Over-Relying on Large Software Companies: A Cybersecurity Perspective While large software vendors offer robust, reliable, and scalable solutions to address business needs, becoming over dependant on a single vendor can undermine the very efficiency and security that businesses seek to enhance. When coupled with some of the anti-business tactics employed by some of these companies, it can pose a serious financial and security risk to your company. While organisations, especially enterprise grade and tech companies, chose [...]

A vulnerability has just been discovered in OpenSSH with a CVSS score of 7.0 (High). The National Institute of Standards and Technology (NIST) have said "As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution (RCE) within unprivileged user running the sshd server" (CVE-2024-6409). OpenSSH is a suite of secure networking utilities based on the SSH protocol and is crucial for secure communication over unsecured networks. It [...]

The Digital Operational Resilience Act (DORA) is an EU regulation that entered into force on 16 January 2023 and will apply as of 17 January 2025. Its goal is to enhance the cyber resilience of the financial sector, ensuring that financial institutions, including banks, investment firms, and insurance companies, can withstand and recover from various types of digital disruptions and cyber threats. What's behind DORA? In February 2016, the world saw it's first cyber bank heist, proving that there was [...]