Why Vulnerability Management is difficult and expensive

Why Vulnerability Management is difficult and expensive … and how to improve it. "The problem isn't too little data—it's too little understanding." — Philip Harragan, CEO, Rebasoft. Sections: Cybercriminals don’t care if you’re small; Everything and Nothing Has Changed; The Signal-to-Noise Crisis; Where Rebasoft Fits In. Cybercriminals don’t care if you’re small: if your organisation uses IT, you are as much at risk from today’s cyber criminals as a Global 500 organisation. Their automated hacking systems look [...]

May 12, 2025

Improved cybersecurity using asset intelligence

This post gives a short overview for CIO/CTO/CISO management looking to improve cybersecurity defences. "A riddle wrapped in a mystery inside an enigma", Winston Churchill, c. 1939. Today’s cybersecurity breaches largely result from the unexpected and the unknown. The complexity and rapid evolution of technology contribute to the challenge of maintaining security. Unlike Churchill's quote, understanding and addressing cybersecurity weaknesses need not be difficult. In fact, if you can see it, you can secure [...]

May 7, 2025

How Rebasoft Maps to NIS 2

NIS2 is an updated version of the original NIS Directive, designed to address the growing and evolving threats of cybersecurity. It mandates that operators of essential services (OES) and digital service providers (DSPs) implement robust security measures and report cybersecurity incidents to the relevant authorities. What is the NIS2 Directive? The NIS2 Directive is EU-wide cybersecurity legislation that extends the scope of the original NIS Directive. It now covers a wider range of entities and [...]

August 27, 2024

The Risks of Over-Relying on Large Software Companies: A Cybersecurity Perspective

While large software vendors offer robust, reliable, and scalable solutions to address business needs, becoming over-dependent on a single vendor can undermine the very efficiency and security that businesses seek to enhance. When coupled with the anti-business tactics employed by some of these companies, it can pose a serious financial and security risk to your company. While organisations, especially enterprise-grade and tech companies, chose [...]

August 12, 2024

You should update your servers now.

A vulnerability has just been discovered in OpenSSH with a CVSS score of 7.0 (High). The National Institute of Standards and Technology (NIST) have said "As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution (RCE) within unprivileged user running the sshd server" (CVE-2024-6409). OpenSSH is a suite of secure networking utilities based on the SSH protocol and is crucial for secure communication over unsecured networks. It [...]

July 12, 2024

DORA – What is it and why should you care?

The Digital Operational Resilience Act (DORA) is an EU regulation that entered into force on 16 January 2023 and will apply as of 17 January 2025. Its goal is to enhance the cyber resilience of the financial sector, ensuring that financial institutions, including banks, investment firms, and insurance companies, can withstand and recover from various types of digital disruptions and cyber threats. What's behind DORA? In February 2016, the world saw its first cyber bank heist, proving that there was [...]

July 12, 2024

IT Hardware, Software & Vulnerability Audit: Not just for Christmas

This blog explores the concept of IT hardware, software and vulnerability audit. It highlights their crucial role in an organisation's IT security strategy, compliance with regulations, cyber security framework accreditation, and business insurance policies related to cyber security coverage. It emphasises the benefits and outcomes of such audits and argues for adopting real-time, always-on audits as a standard practice for IT teams. Introduction: In today's digital landscape, businesses rely heavily [...]

June 7, 2023

The Critical Role of Vulnerability Management in Network Security Strategy

In today's digital landscape, robust network security is paramount for organisations to protect their sensitive data and maintain customer trust. An effective network security strategy requires a proactive approach that addresses vulnerabilities before they can be exploited. This is where vulnerability management comes into play. In this blog post, we will delve into the importance of vulnerability management in network security and its crucial role in achieving [...]

June 5, 2023

Misconceptions about Vulnerability Management

Vulnerability management is one of the most important cyber security tasks. But it is also tricky and complex, giving rise to dangerous misconceptions which can lead to misguided practices and ineffective security. When it comes to communicating vulnerabilities, risks and threats to senior management, misconceptions can greatly harm communication and have a knock-on effect on your security strategy. Don't let the myths stand in your way: get the facts and sharpen your security. Myth 1. Vulnerability management and patch management [...]

May 30, 2023

How dangerous is the mysterious Rorschach ransomware?

Researchers uncover a new strain of malware with unusual features. Check Point Research (CPR) uncovered a mysterious new strain of ransomware. What stands out most is that it's completely unbranded, which is very unusual for the ransomware ecosystem, where reputation is everything. It also boasts faster encryption speeds than any other strain before and has rare, unusual features compared to others. What do you see in the inkblots? This new strain of ransomware is unusually customisable, allowing users to deploy it how [...]

April 18, 2023