CND are proud sponsors of the Isle of Man Code Club Teams that headed to the CyberCenturion National Finals this year! IoM Code Club sent two teams into the top 15 spots in the competition; they scored some of the best scores out of 400 teams. The teams, CyberAces and The Toast Mine of Cookies, competed in the U.K. in April. CyberCenturion is a Cyb...

New Alerts for McAfee and Apache. SecurityWizardry.com - Vulnerability Details Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar....

New Alerts for IPCOMM, VMware, Microsoft Edge, IBM, Hitachi, SolarWinds, and Linux. SecurityWizardry.com - Vulnerability Details Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts Security Wizardry Cyber T...

The Techies Awards 2021, took place on 4th November; organised by The Business Exchange. The Techies Awards showcase the vibrant and innovative tech community of Swindon and Wiltshire, and this year, CND were proud sponsors of the "Best Tech Start-up" category, which celebrates the region's most promising tech start-up. Moreover, CND are delighted ...

In case you've been living under a rock the past week then chances are you have heard either Log4Shell or Log4j thrown around in great anger, and for good reason! Log4Shell is the name that is being given to a critical vulnerability that is sweeping the internet, home users and enterprises alike. The vulnerability is particularly nasty as it allows...

Monthly Patches are out for Microsoft (Exploit) and Adobe. New Alerts for Aruba, Advantech, Draytek, and Linux.      Palo Alto Network Monthly Patches should be out this afternoon. SecurityWizardry.com - Vulnerability Details Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and indu...

New Alerts for Cisco, Mitsubishi Electric, and Johnson Controls    SecurityWizardry.com - Vulnerability Details Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts Security Wizardry Cyber Threat I...

New Alerts for Microsoft Edge (Exploit), ENDRESS+HAUSER, Lenze, Bosch, NETGEAR, Squid, F5, and Linux.   Tomorrow is Mobile Patch Day for three vendors. SecurityWizardry.com - Vulnerability Details Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://www.securitywizardry.co...

What is the Dark Web? Before you dive into the world of the dark web it's important to understand what it is and what you might find on it. The Dark web is a section of the internet that is not indexed by your 'regular' browsers, nor can it be accessed by the generic browsers such as Chrome, Edge or Firefox and instead requires a browser such as th...

My family and I moved home last week and everyone knows what a chaotic and stressful time this can be. There are in-fact quite a few cyber threat vectors when moving and during the move process my conveyancing solicitors e-mail server was targeted by a threat actor; the goal of this is to persuade would be buyers and sellers to ...

All cyber security practitioners will be familiar with that glazed look in the eye of a non IT muggle when you start talking in cyber to them. The same happened when I mentioned the SolarWinds hack yesterday, so I used an analogy based on castles in England 1000 years ago, it went like this: "...King Putinski's greed in stealing the siege weap...

Brilliant it's nearly Christmas and I'm sure everyone is looking forward to a good break and sigh of relief over the Christmas break. However there is one festivity that takes place year round (no it isn't festivus for any Seinfeld fans out there), I'm of course talking about xmas tree scanning. This is a type of port scan whereby your threat ...

Last week saw Splunk .conf 2020 take place and instead of a Las Vegas venue it swapped to a virtual event, as with so much as an effect of Covid-19. This was my first Splunk .conf event and for the un-initiated there are a huge variety of talks, in all 230 this year and obviously the focus for myself and CND colleagues was on cyber security related...

This week saw the release of Nmap 7.90 although as yet my particular Linux distro repository has yet to be updated (manual installation thus required). For security professionals it's worth reading the full release announcement here (URL), there are some significant changes and impressively the number of OS fingerprints is up to 5,678. If you've st...

Ransomware has become one of the most widely reported cyber threats in recent time. It has affected countless individuals worldwide as well as organisations of all sizes across a diverse range of industries and sectors. For those new to the term, ransomware typically involves the introduction of malware onto a system that locks (encrypts) files and...

Ask most Linux users or administrators what their favourite shell is, and you will probably be met by a brief pause and a bemused look, what else is there other than BASH (URL) or the Bourne Again Shell? Well, it depends on the *nix distro that you're using and what is installed by default, but for many of my contemporaries starting a new script wi...

Most of our readers will be familiar with security researcher Troy Hunt's password breach project 'haveibeenpwned', a simple explanation is that it hosts a database of password breaches which can be searched for exposure. If your company or organisation has suffered from a hacking incident then there's a reasonable chance that any credentials or ha...

So, each week I've been writing a tech blog article on some of the trends we see in machine data to one of our monitored web assets. One of the automated searches we have running is long URI's in this case as a POST to the server and below you can see the output of this: Firstly, the raw data needs to be run through a decoder before we can see what...

I don't think I'm alone as a business owner when I worry about the possibility of being breached. There must be many more like me who over the years have detected something which suggests that the worst has actually happened.  Fortunately, "touch wood" these incidents are few and far between and they have all been false pos...

Unless you've been fortunate enough to have been living on a desert island these past few years, then there is a pretty good chance you will have heard of the Cyber Essentials scheme. Cyber Essentials was launched back in 2014 by the National Cyber Security Centre (part of GCHQ) as a UK Government backed initiative aimed at improving the basic leve...