Blog

Ironshare's latest posts ready to view and share.

Products and Services

Why layered security is vital to any business

You might have never heard of the term “Layered Security”, but it’s an important one. Whether you’re responsible for IT within a small business, or the head of a team looking after thirty thousand users on an enterprise network, a layered approach to security is vital.

There is no single solution for security, as you will have noticed with the protections we all use on our home computers. You might for instance have some anti-virus software, a Windows firewall, and maybe a tool to stop spam arriving in your inbox. You might also use parental controls to prevent children from accessing inappropriate material on the internet, or you might use a device to access home banking. It’s a challenge to cover all of this, and you probably have gaps you don’t even know about.

It’s even more complex in the business environment, because there are more people involved, working in different ways, from different places. There are more systems that need to be accessed, there is more customer data being stored, and there is the threat of huge GDPR fines if you don’t look after that data sufficiently.

It’s a serious responsibility and the threat to businesses of any size is very real, so if you’re not focused on IT security on a daily basis, then you really should be.

Whether you’re a small or medium sized business with an IT provider or a larger business with internal IT teams - do you know how good they are in terms of security? Would you know how to assess them – to see how capable they are at securing your business? Is security included in their offering as standard… and if it is – to what extent? Are your staff aware of everyday practices that help to keep you secure and do you have that protective mindset drilled into staff from the top level down?

These are just a few of the questions you should be asking. You also need to secure your data, your applications, your endpoints (like computers, tablet devices and mobiles), your network (both internally, as well as its connection to the outside world), and of course secure any company websites you have.

You need staff to be informed of appropriate working practices like password choices and how they share data, and you need to be able to control what they can and cannot access whilst on one of your devices.

It’s a lot to consider!

Unless you have a clear picture of all of this within your business, you are at risk of a breach.

Stop and think for a minute about what it would mean for your business if it:

  • Lost access to critical systems for a week?
  • Lost access to critical data completely?
  • Had customer data stolen?
  • Had a ransomware demand of up to £100k?

You might be thinking it will never happen, but unless you want to gamble with days of lost business, ransomware attacks and data loss, you ought to be taking proactive action.

At Ironshare we can help you with that.

You won’t find a wonder product or a “SECURITY SILVER BULLET” but there are lots of viable solutions to address gaps in your current setup (these gaps will exist – we see them every time).

Some of those solutions might just be working practices, whilst others might require software solutions to automate and protect your business. We can advise on what’s best for you.

For a fraction of the cost of a cyber attack, we work with you to assess your current setup, help form a plan and deliver a layered security approach that means your business can feel confident that the correct measures are in place.

We won’t overcomplicate matters, we’ll give you straightforward advice and let you know where you are most at risk. You might even be under attack now.

Whatever the situation, our team of experienced Cyber Security professionals can help.

Ironshare – Security, Simplified.

About Ironshare Ltd:

Ironshare is a provider of Information and Cyber Security services. With over 80 years of combined industry experience, Ironshare focuses on helping its customers to achieve a greater understanding of the risks to their organisation, whether large or small, while ensuring that defined Security solutions are delivered in a simple and effective manner.

By Stuart Hare on 2/10/18

News

Ironshare open for business on DOS 3 framework

Cyber security consultants Ironshare accepted into UK Government sector via ‘Digital Outcomes and Specialists 3’ framework.

Birmingham, United Kingdom: Ironshare Ltd announce their cyber security consultancy services are now available to the UK Government sector via Digital Outcomes and Specialists 3 (DOS 3).

DOS 3 is the third iteration of the government’s Digital Outcomes and Specialists framework and features four individual lots. Ironshare feature in the Digital Specialists lot, which sees suppliers “provide government departments and teams with specialists for work on a service, programme or project”.

Bidding for a place on the Crown Commercial Service framework was open from 18 July to 22 August, with services going live on the Digital Marketplace today, Monday 1st October 2018.

The framework comes with an estimated value of up to £1.2bn and will run for an initial term of 12 months – plus an optional one-year extension. Public-sector organisations can use the vehicle to award suppliers call-off contracts lasting up to 30 months in total.

“We’re committed to delivering for the UK Government sector and look forward to providing services on public sector projects. We offer great value for the taxpayer through our cost-effective offering, and being available via the DOS 3 framework makes our services more accessible for UK public service departments to procure, helping them realise benefits faster,” said James Phipps, Non-Executive Chairman at Ironshare Ltd.

The public sector market for cloud products and services has been growing at about 50% a year for the last three years, and it’s believed that the rate will grow even further over the next 12 months.

The Crown Commercial Service recently revealed its expectation that, by June 2019, the annual consumption of professional services via the frameworks would reach between £1.7bn and £2bn. If this does materialise, thousands of additional skilled IT professionals are going to be engaged.

James Phipps continued, “The DOS 3 framework ensures that Ironshare can respond to the demands of UK government departments avoiding lengthy tender processes. This suits us as we’re a relatively small company but we deliver results in a fast and effective way, with the attention to detail and personal service that other larger companies sometimes struggle with.”

About Ironshare Ltd:

Ironshare is a provider of Information and Cyber Security services. With over 80 years of combined industry experience, Ironshare focuses on helping its customers to achieve a greater understanding of the risks to their organisation, whether large or small, while ensuring that defined Security solutions are delivered in a simple and effective manner.

By James Phipps on 1/10/18

Cyber Round-up

Cyber Round-up for 28th September

Welcome to Ironshare’s Cyber Round-up, where we take a look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

Computer Fraud back on the Rise

Computer fraud through Social Engineering techniques has been around for quite some time, but there seems to have been a spike in its use over the past few months. Both home and Small to Medium business users are being targeted by foreign actors, who call up the victim pretending to be from the call centre of legitimate organisations (such as Internet Service Providers (ISP) etc.) with the goal of extracting important or personal information from them.

A common example we have witnessed recently is where an actor purporting to be from a known UK ISP tries to convince the victim that their Internet service or associated Wi-Fi network has been compromised by an attacker and is being used for malicious activity. By inciting fear or uncertainty in the victim, they then move to gain their personal information. In some cases, they also promise to help the victim recover from the compromise, requesting information that will allow access to their network or equipment.

These social engineering techniques are the first steps for the actors, which can then result in computer network compromise, computer fraud and identity theft.

Please always be vigilant with telephone calls such as these; genuine companies do not behave this way. If someone calls you and says that there is something wrong with your computer, or you cannot confirm they are who they say they are, end the call straight away. If in doubt just Hang Up!

If you think you have been a victim of fraud, the UK Police force have established the Action Fraud website that provides an easy online method to report any instances of fraud and cyber crime.

https://www.actionfraud.police.uk/

Microsoft Security updates & the Death of the Password

This week the Microsoft Ignite conference was the platform for a number of security announcements in their product lines, with the headline being password-free access to a whole bunch of MS applications.

A number of security updates were announced, which included: the introduction of Microsoft Threat Protection, a new end to end detection and protection solution; significant updates to Microsoft Secure Score, which includes further integration with cloud products such as Azure AD and Intune MDM; enhanced features and controls for Intune MDM; enhancements to the MS Compliance Manager; and of course, the ability to access MS services without a password.

Microsoft’s goal to remove the use of passwords has been ongoing for a while now, and this announcement shows that they have made significant steps towards making this a reality.

Poorly configured passwords that can be easily exposed are one of the prime causes of system compromise and data loss today, so something does need to change. Microsoft’s answer to this, at least initially, is to allow users of their services to abolish the use of passwords, replacing them with the use of the Microsoft Authenticator mobile application.

Windows 10 and Office 365 users will now have the option to switch to using Authenticator to log in to their devices and services. Once this is enabled the user will enter their username and a notification will be sent to the Authenticator app on their iOS or Android phone, which will then need to be approved before access is granted. Approval is achieved through the mobile phone’s built-in authentication methods of facial recognition, fingerprint ID or PIN number.

Microsoft’s VP for Security states in his blog: “Using a multi-factor sign-in method, you can reduce compromise by 99.9 percent, and you can make the user experience simpler by eliminating passwords. No company lets enterprises eliminate more passwords than Microsoft. Today, we are declaring an end to the era of passwords.”

Although this is a positive step forward, with the general take-up of multifactor authentication and these authenticator apps still being very low, whether and how quickly this new password-free method will be adopted remains to be seen. Is this the start of the death of the password? Only time will tell.

https://cloudblogs.microsoft.com/microsoftsecure/2018/09/24/delivering-security-innovation-that-puts-microsofts-experience-to-work-for-you/

VPNFilter Round 3

Talos, the fighting force of threat intelligence behind all Cisco security products, have issued their latest update on the in-depth investigation into the VPNFilter malware that has targeted in excess of 500,000 network devices throughout this year.

VPNFilter is a modular piece of malware with multiple stages to its infection and capabilities, which has resulted in the compromise of network hardware around the globe. The malware has predominantly targeted small office home office equipment by manufacturers such as MikroTik, Netgear, Linksys and TP-Link. The biggest concern with VPNFilter is its stage 2 destructive capability that can erase the device’s firmware and render it unusable.

Talos in conjunction with other members of the Cyber Threat Alliance have been monitoring and investigating the activities and impact of the malware since early this year. They have released two previous posts, one in May that breaks down the initial analysis and the second in June that provided further updates on this threat.

This third-round post provides an update on the multistage aspects of the malware, which has uncovered an additional seven modules that greatly expand its malicious capabilities.

These newly discovered modules include a Denial of Service utility, HTTP inspection, a network mapping function, network traffic forwarding and a reverse TCP VPN, which provide all the tools the actors need for complete network compromise.

This post is a very technical breakdown of the malware so is not for everyone.

If you suspect you have an infected device it is recommended that you perform a factory reset, upgrade to the latest firmware and then reboot the device in order to remove this malware.

https://blog.talosintelligence.com/2018/09/vpnfilter-part-3.html

Kernel bug hits multiple Linux distros

Researchers at Qualys have discovered a new kernel bug dubbed ‘Mutagen Astronomy’ that impacts 64-bit kernel versions between 2007 and July 2017 in the Red Hat, Debian and CentOS Linux distributions.

This vulnerability, marked as CVE-2018-14634, has a CVSS Score of 7.8 and is classified as Important. Through direct access to the server an actor can exploit a buffer overflow flaw that results in a local privilege escalation.

Qualys reported that proof of concept exploits are available for this vulnerability so it is advised that updates are carried out quickly. Recommendations to mitigate or work around this issue can be found at the links below:

https://access.redhat.com/security/cve/cve-2018-14634

https://security-tracker.debian.org/tracker/CVE-2018-14634

That’s it for this edition but please tune in for our next instalment.

Sign Up

To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailList

You can also follow us using the social media links provided.

If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReview

Ironshare – Security Simplified

Edition #10 – 28th September 2018

By Stuart Hare on 28/9/18

Cyber Round-up

Cyber Round-up for 21st September

Welcome to the Ironshare Cyber Round-up, where we take a look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

Newegg hit by Magecart

Magecart, the hacking group behind the recent British Airways & Ticketmaster data breaches, have been at it again, this time hitting the very popular American retailer Newegg via its e-commerce website.

Fresh off publishing the details on the British Airways compromise, RiskIQ researchers in collaboration with Volexity have published a similar report on the latest victims, Newegg.

For approximately 1 month between August 14th and September 18th, attacker-placed skimmer code was present on Newegg.com. The skimmer integrated with its checkout process to extract customer information and credit card data, before forwarding it to their Magecart server.

This skimmer code shared the same base components with the BA breach although it was condensed down to just 15 lines of script.

RiskIQ state: “The breach of Newegg shows the true extent of Magecart operators’ reach. These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target. The elements of the British Airways attacks were all present in the attack on Newegg: they integrated with the victim’s payment system and blended with the infrastructure, staying there as long as possible.”

Full report: https://www.riskiq.com/blog/labs/magecart-newegg/

If you carried out any transactions on Newegg.com between August 14th and September 18th it is recommended that you contact your bank or credit card company to report the breach, requesting your cards be cancelled and replaced.

Peekaboo Zero-day bug in CCTV cameras

Tenable Research reported early this week on their discovery of a new zero-day bug in NUUO CCTV products they have called Peekaboo. This zero-day comprises two vulnerabilities: the first is rated critical and results in an unauthenticated buffer overflow that permits remote code execution (CVSS 10.0), while the second is a medium rated backdoor left in debug code (CVSS 4.0).

These vulnerabilities were found in the NUUO NVRMini2, which provides network attached storage, video recording and the viewing of CCTV video feeds. One of the big issues is related to NUUO white labelling its software for third party vendors, meaning a full list of affected products is unclear.

A fix for these vulnerabilities is now available from NUUO and users are recommended to upgrade to the updated version of software ASAP.

https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder

CTA Crypto Mining Report

The Cyber Threat Alliance have this week released a white paper on the increasing threat from Cryptocurrency Mining. This report explains the threat and how it impacts its victims, while also including the countermeasures and best practice safeguards that can be applied to combat it.

Crypto-mining is a legitimate process for improving a crypto-currency. This mining process is made illicit when a malicious party compromises another user’s computer processing power for mining activities without that user’s knowledge or consent.

As crypto-mining can result in the miner generating funds, it has become a go-to method for cyber criminals, largely replacing the money generating activities previously found in Ransomware. The full report and its key findings can be found through the links below:

Key Findings: https://www.cyberthreatalliance.org/wp-content/uploads/2018/09/CTA-Illicit-CryptoMining-Key-Findings.pdf

Full report: https://www.cyberthreatalliance.org/wp-content/uploads/2018/09/CTA-Illicit-CryptoMining-Whitepaper.pdf

The papers conclude by calling on network defenders to implement recommended defensive best practices to combat the threat of crypto-mining and disrupt the criminal money making efforts.

The Cyber Threat Alliance (CTA) is a formally organized group of cybersecurity experts from organisations across the industry. Their goal is to work together, sharing threat intelligence and information to improve global defences against advanced cyber adversaries. CTA’s members include industry leading companies such as Cisco, Juniper, Fortinet, Rapid7 & Sophos to name a few.

Cisco FXOS time delay reboot bug

If you are a Cisco Firepower customer, you might want to check out their latest Field Notice update for FXOS in the Firepower 4100 and 9300 platforms.

Due to a memory leak bug that exists in code versions prior to v2.2, an affected device will suffer a kernel panic and reboot after approximately 210 days of uptime.

Cisco recommends that customers with devices running the impacted code upgrade to the latest version of operating system software to address this issue. For more information including the affected and fixed versions of software please see the link below:

https://www.cisco.com/c/en/us/support/docs/field-notices/643/fn64327.html

That’s it for this edition but please tune in for our next instalment.

Edition #9 – 21st September 2018

By Stuart Hare on 21/9/18

Cyber Round-up

Cyber Round-up for 14th September

Welcome to this week’s Ironshare Cyber Round-up, where we take a look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

GCHQ’s data collection deemed to have breached human rights

The European Court of Human Rights (ECHR) have finally ruled that the mass data collection activities that were carried out by GCHQ have violated the European Convention on Human Rights that is in place to guarantee privacy.

GCHQ has been under investigation by the ECHR since 2013 when the whistle-blower Edward Snowden released classified information that the US and UK governments were secretly capturing the private data and communications of millions of people.

The ECHR carried out a comprehensive investigation into these allegations that focused on the previous regime’s mass interception of communications. ECHR deemed that GCHQ had violated article 8 of the European Convention on Human Rights, based on the lack of safeguards and governance related to the collection of this data.

Snowden has responded to the result via his Twitter feed:

“For five long years, governments have denied that global mass surveillance violates of your rights. And for five long years, we have chased them through the doors of every court. Today, we won. Don't thank me: thank all of those who never stopped fighting.”

Interestingly the ECHR ruled that GCHQ had not violated any rights in relation to its intelligence sharing with foreign governments, although they did suggest abuse of the intelligence services’ power was evident.

GCHQ (Government Communications Headquarters) forms the centre of the UK’s intelligence agencies and works alongside the more familiar MI5 and MI6 agencies. They provide intelligence to law enforcement and the armed forces to protect the UK and its citizens from malicious states and groups.

With the interests of national security at the top of most countries’ lists of priorities, and the constant threat of terror related activities in our modern world, citizens’ privacy in this area will continue to be a very divisive topic.

https://www.theguardian.com/uk-news/2018/sep/13/gchq-data-collection-violated-human-rights-strasbourg-court-rules

Microsoft Patch Tuesday – September 18

Patch Tuesday, Microsoft’s monthly release of product software updates, came out on Tuesday 11th September and included fixes for over 60 known vulnerabilities, of which 15 were security updates classed as Critical.

As expected this patch update also included the fix for the Task Scheduler zero-day vulnerability we covered in a previous post. The vulnerability allows attackers to escalate compromised local account privileges to SYSTEM level. This is welcome news on the back of reports highlighting that the attacker group known as PowerPool were already using this exploit in newly developed versions of their malware.

In addition, fixes for the 15 critical vulnerabilities are included, which if exploited, all result in a form of remote code execution, in products such as Windows 10, Microsoft’s Edge browser, .NET and Hyper-V.

We recommend reviewing these patches and updating as soon as possible.

http://bit.ly/IronMSPTSept18

Cisco Talos: MDM Application hiding

For several months now Talos have been tracking and analysing a targeted malware campaign that uses MDM (Mobile Device Management) services to compromise a victim’s mobile phone. The attack was specific to iOS devices, and by tricking the victim into enrolling with their MDM server the attackers were able to deploy malicious versions of popular messaging apps such as WhatsApp and Telegram.

In their third blog instalment for this campaign Talos discuss the additional research carried out that has highlighted how the attackers used age related restrictions on the iOS operating system to hide legitimate applications and display only their malicious apps.

Note that MDM is a legitimate solution for enterprises to manage their mobile devices. This threat comes from tricking the user into registering with a malicious MDM using the valid registration process in iOS, and is not a bug or vulnerability in the product.

The post includes information and videos on what to look for, how to check your devices for compromise and how to remove it.

https://blog.talosintelligence.com/2018/09/ios-mdm-hide-the-app.html

That’s it for this edition but please tune in for our next instalment.

Edition #8 – 14th September 2018

By Stuart Hare on 14/9/18

Cyber Round-up

Cyber Round-up for 7th September

Welcome to this week’s Ironshare Cyber Round-up, where we take a look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

TV Licensing Website security blunder

This week the British TV licensing website www.tvlicensing.co.uk was highlighted to have a serious flaw that allowed customer personal information and payment details to be submitted over an insecure HTTP connection.

A lengthy Twitter thread was started when Mark Cook (@Thetafferboy) published a blog on the current issues with the website.

https://i83.co.uk/why-tvlicensing-co-uk-are-processing-millions-of-customers-data-insecurely/

Mark Cook contacted TV licensing via their Twitter account and after initially ignoring him they eventually responded with the following statement:

“Our website is secure and security certificates are up to date. Pages where customers enter data are HTTPS. Non-HTTPS pages are safe to use despite messages from some browsers (e.g. Chrome) that say they are not.”

The screenshot below of the insecure payment page provided evidence that this certainly was not the case.

The website was taken offline on the Wednesday for what was stated as planned maintenance, but as we write the site is still reporting it is offline.

TV licensing has also responded to questions from The Register, admitting that issues have been found in the website’s transactional pages and that they were being addressed:

“We take security very seriously which is why we use encryption for all payment transactions. However, an issue has been brought to our attention over the recent level of security on transactional pages which were previously fully secure via HTTPS, and as a precaution, we have taken the website offline until this is resolved and are working urgently to fix it. We've identified that this issue has happened very recently, and we're not aware of anyone's data being compromised.”

As the industry is pushing to encourage people and organisations to migrate away from insecure HTTP services, this provides a clear reminder of the pitfalls that can occur when using a mix of insecure HTTP and encrypted HTTPS.

Ensure you perform regular testing and reviews of your internet services to confirm issues such as this are not introduced, especially when performing updates or system changes.

Our advice is that everyone should now be considering the move to HTTPS for all web content, not just pages that collect personal or financial information.

British Airways loses customer credit card info in Hack

British Airways are one of the latest companies to experience a data breach, after a reported hack has resulted in the personal and financial details of approximately 380,000 customers being compromised.

According to reports the passport and travel details for passengers were not leaked during the attack, which occurred between August 21st and September 5th.

A statement by BA has confirmed that the issues related to this breach have now been resolved and the website is working normally, but this will not be any comfort to the customers that have lost their information.

BA are in the process of communicating with any customers that may have been affected, and they have confirmed that the authorities have been engaged.

If you are a customer that has made a booking with BA during the period of 21st August to 5th September, then it is advised that you check your credit card or bank details for any unauthorised transactions and get in touch with your bank to advise them of the compromise to your details.

https://www.thesun.co.uk/money/7195832/british-airways-hacked-personal-data-bank-details-stolen/

Checkpoint releases Ransom Warrior decryption tool

August saw the discovery of a new variant of Ransomware by the Malware Hunter Team, called ‘RansomWarrior’. Since then the Checkpoint Research team has been analysing the sample that was poorly developed by a group of hackers from India.

Checkpoint’s blog (link below) highlights that the group are possibly new to the ransomware game, due to the fact that key common techniques to secure the malware were missing.

During the analysis Checkpoint found that Ransom Warrior stored the key index locally and the encryption key is selected randomly from a list of 1000 keys hardcoded into the ransomware. This has made it easier for Checkpoint to extract the keys and develop a tool that will allow victims to decrypt their files.

https://research.checkpoint.com/ransom-warrior-decryption-tool/

If you have been a victim of the Ransom Warrior malware, the decryption tool can be downloaded here: https://research.checkpoint.com/wp-content/uploads/2018/08/RansomWarrior_Decryption_Tool.zip

Cisco Security Vulnerabilities

Cisco released a number of Critical to Medium impact vulnerabilities on the 5th September covering a number of different products and services that were affected.

Included in this release were 3 vulnerabilities related to the Cisco Umbrella Secure Internet Gateway service. These issues focus on the Umbrella Roaming Client, the AnyConnect Roaming module and the Umbrella API.

For more information see the post below related to these advisories:

https://www.ironshare.co.uk/security-advisory/cisco-security-vulnerabilities-advisories-sept-18/

That’s it for this edition but please tune in for our next instalment.

Edition #7 – 7th September 2018

By Stuart Hare on 7/9/18

Security Advisory Archives

Cisco Security Vulnerabilities & Advisories Sept 18

Cisco have released a number of security advisories on 5th September regarding current product vulnerabilities, with impact ratings ranging from critical to medium. The advisories, as well as any information about affected products, can be found at the following link:

https://tools.cisco.com/security/center/publicationListing.x

Cisco Umbrella API Unauthorised Access Vulnerability (CVE-2018-0435)

A recent vulnerability discovered in the Cisco Umbrella API (Application Programming Interface) could potentially allow an attacker to gain remote unauthorized access to read, change or delete data across multiple organisations.

This vulnerability exists due to a lack of authentication configuration for the Umbrella API component.

As this is specific to the Umbrella API which is used to integrate Umbrella with other products and services for increased visibility and security enforcement, Cisco Umbrella is the only product/service affected by this vulnerability.

There are no workarounds for this, but Cisco have released software updates to address the issue, meaning there are no required actions for their Umbrella customers.

Severity: CRITICAL

CVSS Score: Base 9.1

The security advisory for this vulnerability is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api

Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerabilities (CVE-2018-0437) & (CVE-2018-0438)

Two vulnerabilities have been disclosed for the Cisco Umbrella Enterprise Roaming Client (ERC) and the Cisco Umbrella Roaming module which could potentially allow an attacker to elevate their privileges to Administrator level; however, to exploit these vulnerabilities, the attacker must be an authenticated user with valid local user credentials.

Both issues exist due to file system permissions being implemented incorrectly, which allows non-admin users to send files to restricted directories.

CVE-2018-0437 affects Cisco Umbrella ERC releases prior to 2.1.118 and Cisco AnyConnect Umbrella Roaming Module releases prior to 4.6.1098.

CVE-2018-0438 affects Cisco Umbrella ERC releases prior to 2.1.127.

There are no workarounds available, but Cisco have released software updates to address the issue.

We recommend that customers plan an upgrade of their current roaming client at the earliest opportunity.

Severity: HIGH
CVSS Score: Base 7.8

The security advisories for these vulnerabilities are available at the following links:
CVE-2018-0437: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv
CVE-2018-0438: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-file-read
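To turn the affected-release thresholds above into an upgrade list, the following added example (not Cisco or Ironshare code) checks a software inventory against them. The product keys, host names and inventory rows are constructed for illustration; only the version thresholds and CVE numbers come from the advisory summary above.

```python
import re

# First fixed release per product and CVE, as stated in the text above.
# The product keys are hypothetical labels for an inventory export.
FIXED_IN = {
    "umbrella-erc": [
        ("CVE-2018-0437", (2, 1, 118)),
        ("CVE-2018-0438", (2, 1, 127)),
    ],
    "anyconnect-umbrella-module": [
        ("CVE-2018-0437", (4, 6, 1098)),
    ],
}


def parse_version(text):
    """Turn '4.6.01098' into (4, 6, 1098). Raises ValueError on anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_older(installed, fixed):
    """Numeric comparison, padding the shorter version with zeros."""
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) < pad(fixed)


def open_cves(product, version_text):
    """Return the CVEs from FIXED_IN that still apply to this install."""
    installed = parse_version(version_text)
    return [cve for cve, fixed in FIXED_IN[product] if is_older(installed, fixed)]


def audit(inventory):
    """Return (host, product, version, cves) for every install needing action.

    Versions that cannot be parsed are reported rather than skipped, so an
    unknown client never silently counts as patched.
    """
    findings = []
    for host, product, version_text in inventory:
        if product not in FIXED_IN:
            continue
        try:
            cves = open_cves(product, version_text)
        except ValueError:
            findings.append((host, product, version_text, ["UNPARSEABLE"]))
            continue
        if cves:
            findings.append((host, product, version_text, cves))
    return findings


# Constructed sample inventory (host, product, installed version).
SAMPLE_INVENTORY = [
    ("laptop-01", "umbrella-erc", "2.1.99"),     # a plain string compare would rank this above 2.1.118
    ("laptop-02", "umbrella-erc", "2.1.118"),    # fixed for 0437, still open for 0438
    ("laptop-03", "umbrella-erc", "2.1.127"),    # fully patched
    ("laptop-04", "anyconnect-umbrella-module", "4.6.01098"),  # leading zero, patched
    ("laptop-05", "anyconnect-umbrella-module", "4.5.05030"),
    ("laptop-06", "umbrella-erc", "unknown"),
]

if __name__ == "__main__":
    for host, product, version, cves in audit(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} -> {', '.join(cves)}")
```

Comparing versions as numbers matters here: as text, "2.1.99" sorts after "2.1.118" and would be reported as patched.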

By Joshua Hare on 6/9/18

Cyber Round-up

Cyber Round-up for 31st August

Welcome to this week’s Ironshare Cyber Round-up, where we take a look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

Microsoft Windows Zero-day in the wild

Monday saw the emergence of a new Zero Day bug in the Windows Operating System code. The bug was disclosed by a very unhappy security researcher who doesn’t appear to have followed the process for responsible vulnerability disclosure with Microsoft, instead resorting to posting the proof of concept exploit to GitHub.

This Zero-day flaw, when exploited, can result in a local privilege escalation, which provides a standard local user with increased SYSTEM level privileges. The vulnerability exists in the Windows Task Scheduler API’s handling of the Advanced Local Procedure Call interface.

The exploit code posted to GitHub has been tested, and all the latest versions of Windows (Windows 10 and 2016 Server) are impacted by the vulnerability, even if they are up to date with the latest security patches from Microsoft.

As the impact of this vulnerability is limited to the local machine, the base CVSS score has been set at 6.8. Microsoft has since acknowledged the bug and, although not confirmed, it is expected to be covered in the next Patch Tuesday scheduled for 11th September.

Although this exploit is local in nature it could be used as a component in a larger attack, so please ensure you patch as soon as it becomes available.

https://thehackernews.com/2018/08/windows-zero-day-exploit.html
CERT/CC notice: https://www.kb.cert.org/vuls/id/906424

Instagram responds to recent stream of account hacks

Following our reports of Instagram account hacks in a previous edition of the round-up, Instagram have this week announced their plans to improve the security of their user accounts and two-factor authentication service.

As you may recall, Instagram’s existing 2FA service relied on using SMS based one-time authentication codes sent by text message to a user’s mobile handset. The attackers took advantage of known exploits in SMS based 2FA to hijack a large number of Instagram accounts.

In response to this Instagram have confirmed that they are implementing important steps to help secure their users’ accounts. In addition to adding more account information and verification, so that the authenticity of the accounts can be confirmed, they are also adding support for third-party Authenticator Applications.

Authenticator Apps like ‘Google Authenticator’, which can be downloaded to your mobile phone, automatically generate one-time codes or tokens every 30 secs, and are considered far more secure than SMS based 2FA.

Instagram have reported that the rollout of these improvements is already underway and should be available to the global community in the coming weeks. If you are an Instagram user, it is highly recommended that you move to 2FA using a supported Authenticator App as soon as it becomes available.

https://instagram-press.com/blog/2018/08/28/new-tools-to-help-keep-instagram-safe/

Small Business Cyber Security

Earlier this month the US passed the NIST Small Business Cyber Security Act into Law, which requires the National Institute of Standards and Technology to provide ‘clear and concise’ information that will help Small Businesses identify and manage their Cyber Security risks.

https://www.securityweek.com/nist-small-business-cybersecurity-act-becomes-law

The act is a good step forward and has been well received by the security industry. Its goal is to deliver common sets of guidance that are applicable to a wide range of business types and sizes, and importantly should remain vendor and technology neutral, which ensures compatibility with off-the-shelf products and solutions.

As the impact of a cyber-attack is typically far greater for a small business, which is generally less likely to recover from such an event, the hope is that by simplifying the basic security guidelines, organisations will find them far easier and more cost effective to adopt.

In the UK, our own National Cyber Security Centre (NCSC) provides excellent guidance to help companies improve their Cyber Security, which includes information for Small Businesses and Charities.

One of the discussed drawbacks to this new US law is that if it’s not a regulation or an audited framework then it’s unlikely to be a success.

NCSC had similar issues in the early days after the release of the ’10 Steps to Cyber Security’. Although the contents were sound, it was not well known, and companies were unsure of how to correctly implement the guidance it provided. This led to the introduction of the Cyber Essentials certification program.

Cyber Essentials provides two levels of certification (Cyber Essentials and Cyber Essentials Plus) for companies that do not have the resources to develop a full-blown cyber security practice. By achieving Cyber Essentials certification, you and your customers can have the confidence that your organisation is covering the fundamental practices and guidance that are needed to protect against the most common types of attacks.

If you are a Small to Medium business and need to improve your Cyber Security posture or require assistance with achieving Cyber Essentials certification, why not get in touch and see if Ironshare can help you on your journey.

Let’s Encrypt hits back at false claims

I came across an interesting post by Troy Hunt this week, highlighting a Let’s Encrypt community post from last year that was issued in response to some false claims by the domain name registrar, Namecheap. The domain name company tried to debunk the use of Let’s Encrypt’s free certificate authority service but have failed miserably in their attempts.

The irony in this is that Namecheap are now using Let’s Encrypt certificates for their own domains, while still informing customers that LE’s service is not as secure as a paid-for SSL certificate.

Let’s Encrypt’s response can be viewed below, and deals with busting some of the myths around its service. If you are considering using this free certificate service, but still have some doubts, then take a look.

https://community.letsencrypt.org/t/response-to-inaccurate-customer-support-email/25919

Let’s Encrypt is an automated and open certificate authority that was established to help the public adopt secure websites (using HTTPS), all free of charge. Basically, if you own a website / domain name you can use LE to obtain a trusted certificate at zero cost.

Since this response was published last year, Let’s Encrypt now also provides wildcard certificates.

The free SSL certificates provided by Let’s Encrypt are a great idea for moving any company’s web services to HTTPS. Their user base is growing rapidly (now at 125 million domains serviced), and with the recent update that their Root CA is now trusted by all major providers, things are only going to improve.

That’s it for this edition but please tune in for our next instalment.

Edition #6 – 31st August 2018

By Stuart Hare on 31/8/18

Cyber Round-up

Cyber Round-up for 24th August

Welcome to this week’s Ironshare Cyber Round-up, where we take a look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

The Ransomware train keeps on rolling

Although there appears to have been a slowdown in the number of Ransomware attacks in comparison to last year, there is still a steady stream of news that tells us that Ransomware is not going away any time soon.

We reported a couple of weeks ago on the success of the SAMSAM ransomware that continues to wreak havoc and roll in the cash. This week the Malware Hunter team have highlighted, via their Twitter feed, a new strain called RYUK that has targeted a handful of victims in the US & Germany, including a healthcare related organisation.

https://twitter.com/malwrhunterteam/status/1030706039144906752

RYUK’s recent activity appears to have already pulled in over $600,000 in Bitcoin. BleepingComputer have published a blog about this new RYUK strain, which encrypts all files on the system it infects.

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-crew-makes-640-000-in-recent-activity-surge/

NOTE: currently there is no publicly available decryption tool for RYUK.

Ironshare and Ransomware

This week Ironshare engaged with a new client who has been the unfortunate victim of a Ransomware attack. We have assisted the company and their IT service provider with their response and recovery from this incident. During the investigation we discovered that this was their second attack in the last couple of years, and they did not have the necessary controls, processes and practices in place to protect them.

The Ransomware has been identified as a variant of the Crysis/Dharma family, which uses the extension ‘.combo’. The Crysis/Dharma family of Ransomware have been the most common variants we have come across in the last 12 months.

We highlight this in the hope that organisations can learn from the misfortune of others, by ensuring they have the right controls & practices in place that can protect them from this type of attack:

  • Management protocols such as RDP (Remote Desktop) should not be accessible from the internet.
  • If you need to use management tools such as RDP, always use a remote access VPN service to connect to the internal network before making the connection.
  • Ensure you take regular full system backups so you can restore in the event of an attack.
  • Implement an offline backup plan that does not store backups on your internal network, where they too could become encrypted.
  • Perform routine tests of your backup restore processes, so that you have the confidence they will work when you need them.
  • Ensure that firewall policies are effectively configured allowing access only to required IPs, ports and protocols.
  • Implement an effective patch management process that regularly applies security updates to your endpoints and infrastructure.

If you think that you may have been the victim of an attack, need help with your investigation, identifying and closing gaps or getting back to business as usual, please get in touch.

Apache Struts Round 2

Almost a year on from the Equifax mass data breach, where an unpatched Apache Struts vulnerability saw the company lose the personal details of 147 million customers, Apache have published a security notice advising of a new remote code execution bug in their Struts 2 web component.

Apache Struts is a widely adopted, open source platform for Java based web development, which basically means that any web applications that have been developed using Apache Struts are potentially vulnerable to exploit.

The bug, discovered by researchers at Semmle, results in a remote code execution vulnerability (ranked as one of the most dangerous), allowing bad actors to completely compromise a vulnerable system over the internet, putting both the network and data at significant risk. By sending the right requests to the system using simply a web browser, the actor can run any commands they wish.

It is highly recommended that any organisation that uses Apache Struts 2 reviews and upgrades their Struts web components immediately. It is understood that code to exploit this vulnerability is already in the wild. Keep in mind that the Equifax breach mentioned above was carried out within days of the previous vulnerability being disclosed, so please DO NOT DELAY.

See below for Semmle’s write up for a more complete run down on the vulnerability.
https://semmle.com/news/apache-struts-CVE-2018-11776

Serious Flaw in Belkin IOT Smart plugs

A flaw in the popular Belkin Wemo Insight Smart Plug has been disclosed recently that can allow attackers to gain a foothold on the home network. Smart plugs, via connection to the home’s Wi-Fi, allow a home user to automate functions such as controlling lights and household appliances through either a smart phone, or integration with Amazon Alexa for voice activated control.

The identified buffer overflow vulnerability, if unpatched, allows a malicious actor to take control of the Smart Plug, allowing it to be turned on or off. As most home networks are flat with limited segmentation, the compromised Smart plug could then be used to compromise other devices on the home network, such as computers, TVs and internet routers.

Once in control of the Smart plug, remote code execution can then be used to install malware on to connected home devices. This is a common technique that can result in the infected device being added to a botnet or used for cryptomining activities (as witnessed with the Mirai IOT botnet and the VPNFilter campaign).

As with all computer devices you should ensure that everything on your home network, including IOT devices, is kept up to date with the latest security patches, which will help to minimise your exposure to these attacks.

For more information see the ThreatPost blog:
https://threatpost.com/belkin-iot-smart-plug-flaw-allows-remote-code-execution-in-smart-homes/136732/

Talos: Remcos Botnet-in-a-box

The latest blog post released by the Talos team this week describes multiple tracked campaigns that make use of so-called legitimate software that has been combined to create a malicious botnet.

Remcos is a Remote Access Tool (RAT), sold by the website Breaking-Security.net as legitimate remote management software, that provides full remote control of any Windows operating system. Combined with the use of other tools on sale by Breaking Security, which include a key logger, encryption tool, and a mass mailer tool for large scale spam and phishing email distribution, you can see that an actor has all they need to create a new botnet.

Where the lines really blur is in some of the stated features of these tools, which include software hiding techniques, Anti-virus evasion, VMware detection (to identify if they are in a sandbox environment) as well as base-64 encoding and RC4 encryption of data. This seriously calls into question the legitimacy of the software.

Talos describe how they have observed multiple malware campaigns in the wild that are related to the Remcos botnet, making use of targeted spear phishing emails that contain malicious Word and Excel document attachments. These attachments are embedded with macros to carry small executable files which are used to deploy the Remcos malware once enabled.

Interestingly Talos also focus on attribution in this post, giving insight into who might be behind the Breaking Security website and the development / sale of the Remcos software.

Awareness of the threat posed by Remcos helps organisations to protect themselves from attack. Combining advanced endpoint and email security with good security awareness training for users regarding phishing attacks will significantly improve an organisation’s security posture in relation to this threat.

https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html

That’s it for this edition but please tune in for our next instalment.

Edition #5 – 24th August 2018

By Stuart Hare on 24/8/18

Security Advisory Archives

Cisco IOS/IOS XE Vulnerability (CVE-2018-0131)

On August 13, 2018 Cisco released an advisory for a new patch on their network operating system after confirming that their IOS (Internetworking Operating System), and its Linux-based counterpart, IOS XE, are both vulnerable to the latest Cryptographic Attack against the IKE (Internet Key Exchange) Protocol.

This Medium Severity vulnerability exists in the operating systems’ use of RSA-encrypted nonces. This vulnerability can be exploited by an unauthorized user/attacker to discover the encrypted nonces that are required for authentication in an IKEv1 session.

“The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces.” Cisco announced in their Security Advisory.

Researchers responsible for uncovering this flaw have said that a successful attack would enable the attacker “to be an active man-in-the middle and read write data to that session.” Meaning they could be secretly relaying messages and altering communication between users without their knowledge.

Cisco have released patches for their vulnerable operating system products, while highlighting there are currently no workarounds available that address this vulnerability.

According to the Cisco Product Security Incident Response Team (PSIRT), there have been no public announcements or reported signs of malicious activity regarding this vulnerability.

It has also been confirmed that the IOS XR software is unaffected by the issue.

Severity: MEDIUM
CVSS Score: 5.9

Advisory details located at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180813-rsa-nonce

Bug Tool description:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve77140

By Joshua Hare on 23/8/18

Cyber Round-up

Cyber Round-up for 17th August

Welcome to this week’s Ironshare Cyber Round-up, where we take a look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

TLS 1.3 approved as internet security standard

Great news on the Internet Security front, with TLS 1.3 being approved as the new standard for Internet Security. TLS or Transport Layer Security is the mainstream protocol that is used to securely access websites and web services that use HTTPS. You may know it by its commonly used name, SSL; although SSL (Secure Sockets Layer), also a protocol in its own right, is no longer in use, the term is still widely adopted.

TLS 1.3 has been in development for approximately 4 years, with many individuals having contributed their efforts to improve on the flaws and performance related issues of its predecessor TLS 1.2.

We can expect a number of significant changes in TLS 1.3 that will result in increased privacy, encryption that is available earlier in the connection, a reduction in connection setup time (by halving the handshake round-trips), and with the use of modern crypto, secure connections will be faster and more efficient than ever.

TLS 1.3 is set to provide the underlying foundations for securing the internet for years to come, using modern methods that will improve security, performance and efficiency.

The IETF TLS 1.3 update: https://www.ietf.org/blog/tls13/

Cloudflare have published a great blog post that provides a detailed look at TLS 1.3, how the protocol has evolved and a breakdown of its improved security benefits.
https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/

If you are still running standard insecure HTTP on your web enabled services, it’s time to start thinking about a change. In the journey to achieve a more secure internet, global security efforts are now focused on the recommendation that ALL internet-based servers should be moved to HTTPS for secure communication, using a minimum of TLS 1.2.

Instagram accounts Hacked!

The last week or so has seen numerous reports of a widescale hack against Instagram accounts that is rapidly spreading. Many users are finding that they no longer have access to their accounts, and that their personal details and profile pictures are being changed by a malicious third party.

When users try to log in to their accounts they are being told that their email / username does not exist, and there is no option to perform password resets as the email used to carry out the reset has been replaced with a Russian email domain ending ‘.ru’. Even users that have enabled Two Factor Authentication are finding emails to say that it has been disabled, and the account is no longer accessible. This is the second instance in two weeks where SMS based 2FA has experienced a compromise (see the Reddit breach).

Instagram’s response to these events has been mixed, with some users hitting a brick wall and having to create new accounts while they wait for a response or for Instagram’s investigation to continue.

What’s key in this is that there are no signs that the actors have made use of the captured accounts to this point. This leads to the question: why hack the accounts? This is something we have seen before and it’s possible that such events can lead to the creation of new botnets that can be used to spread propaganda and of course Fake News!

Typical methods of compromise in these scenarios include email phishing attacks and poor password security. The best course of action is to never use the same password twice and ensure it is complex (contains a mix of phrases, numbers, letters (including capitals) and special characters); and always be vigilant when using email. It’s getting more difficult to detect phishing attempts these days, but only open attachments or click on links if you are sure they come from a trusted source. If in doubt, delete!

Initial report by Mashable: https://mashable.com/2018/08/13/instagram-hack-locked-out-of-account/?europe=true#HCHmpA_QYqqp

Cortana opens Windows while Alexa goes all 007

Cortana and Alexa, the AI smart assistants from Microsoft and Amazon, have both been in the news this week for the wrong reasons. Microsoft released a fix during this week’s Patch Tuesday for a vulnerability in Cortana that could allow hackers to access a locked Windows 10 device, where it is possible to retrieve confidential information, execute malicious commands from the locked screen and carry out an elevation of privilege attack.

We recommend that you ensure that your systems are updated to run the latest security patches from Microsoft. If this is not possible then Cortana should be disabled to protect against this vulnerability.

https://thehackernews.com/2018/06/cortana-hack-windows-password.html

Microsoft Security Advisory for CVE-2018-8140:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8140

On the flip side Amazon’s Echo, also known as Alexa, has been found to include a series of flaws that can allow hackers to turn Alexa into a spy-like listening device.

During the recent DefCon security conference in Las Vegas, researchers from Tencent, Wu Huiyu and Qian Wenxiang, presented how they could successfully turn the Echo into a silent listening device. This was achieved using a modified Echo connected to the same network as other Echos and the complex chaining of exploits against multiple vulnerabilities in the product.

The good news is that the researchers have disclosed the vulnerabilities to Amazon and they have since been patched to prevent further exploitation.

This is not the first time there have been concerns over these Smart speakers and it certainly won’t be the last.

https://www.theregister.co.uk/2018/08/14/amazon_echo_hacking/

Microsoft announces retirement of Hybrid MDM

On 14th August Microsoft issued an announcement via the Office Message Center to inform customers of their decision to retire the Hybrid MDM service offering on 1st September 2019.

As customer numbers on the Hybrid MDM service continue to decrease, Microsoft feel that this is a good time to move the remaining customers using the service over to the cloud. Migrating customers will be moved over to the cloud-based Intune service that is hosted on Azure. Intune provides an all-round better experience and integrated approach for managing your organisation’s mobile devices.

This notice does not apply to any on-premise deployments that use SCCM (System Center Configuration Manager).

In short, if you are using Hybrid MDM you need to start making plans to migrate to Intune. For more information see:
https://blogs.technet.microsoft.com/intunesupport/2018/08/14/move-from-hybrid-mobile-device-management-to-intune-on-azure/

That’s it for this edition but please stay tuned for our next instalment.

Edition #4 – 17th August 2018

By Stuart Hare on 17/8/18

Cyber Round-up

Cyber Round-up for 10th August

Welcome to Ironshare’s Cyber Round-up, where we take a look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

Currys PC World issues Customer update on Dixons Carphone breach

Today customers of Currys PC World (part of the Dixons Carphone group) have received email updates on the continued investigation into the massive data breach that was disclosed earlier this year.

Dixons Carphone now believe that approximately 10 million records that contain personal customer information may have been accessed during the breach that occurred in 2017. Recent evidence now shows that data was exfiltrated from their systems, but they have confirmed that this data did not include any bank or payment card details.

Email received by customers:

Currys Customer Update

The link below provides an account of the update from Dixons Carphone and also includes an FAQ of what happened and how customers may be affected.
https://www.dixonscarphone.com/message

During the initial disclosure on 13th June, NCSC provided a statement on their involvement with investigating the breach, along with guidance for any customers that may be affected.
https://www.ncsc.gov.uk/news/statement-dixons-carphone-data-breach

Butlins confirm hackers gained access to guest records

The data breach bad news just keeps on flowing, this time with Butlins the holiday camp chain. A report by City AM states that up to 34,000 guests may have had their details accessed by an unauthorised third party.

At this point details are very limited, but it is understood that names, holiday booking details, postal and email addresses and phone numbers have been accessed. Butlins are in the process of contacting those customers that may have been affected but they believe that no payment related data has been exposed.

Butlins provided the following response:

"Butlin's take the security of our guest data very seriously and have improved a number of our security processes. A dedicated team has been set up to contact all guests who may be affected directly. I would like to personally reassure guests that no financial data has been compromised."

http://www.cityam.com/290577/butlins-warns-data-34000-guests-may-have-been-accessed

Salesforce API Data Leak

This week saw Salesforce report an issue with potential access and data leakage between customer accounts on their platform.

Salesforce, the cloud-based CRM (Customer Relationship Management) software provider, posted a warning notice indicating that a marketing cloud related change to their system had introduced a bug that meant certain REST APIs could retrieve or write data from one customer account to another.

The change was carried out between 4th June and 7th July, with the Salesforce Security team being made aware of the issue on 18th July. An emergency change was made on the same day to resolve the issue.

Although it is unclear whether any malicious activities took advantage of this flaw, or whether it resulted in any personal information being disclosed, it is recommended that Salesforce customers using REST APIs review their data and its integrity.

https://www.bankinfosecurity.com/salesforce-security-alert-api-error-exposed-marketing-data-a-11278

Official notice from Salesforce: https://help.salesforce.com/articleView?id=Email-Studio-and-Predictive-Intelligence-REST-API-Issue&language=en_US&type=1

NCSC report commitment to the CCP Scheme

For any fellow CCPs out there, the NCSC have finally released an update on the future of the Cyber Certified Professional scheme. The CCP scheme, formerly known as the CESG Certified Professional, was created by CESG as a replacement for the CLAS (CESG Listed Advisor Scheme) consultant certification.

Since the CESG became the National Cyber Security Centre in 2016, the CCP certification has been left in limbo, with no clear direction on the future of the scheme. Thankfully, a year on since the last update, NCSC have confirmed their commitment to the CCP program.

The CCP was created to clearly identify Cyber professionals with the necessary skills, knowledge and industry experience to carry out the specific roles defined in the scheme (e.g. IA Auditor, Accreditor, Architect etc.).

NCSC have realised that overall the CCP needs to be reviewed and updated. Several planned changes are aimed at making the CCP less government specific, which will align it to the general Cyber security community. The roles are expected to change along with the application process, which will move away from the levels of practitioner, senior and lead roles, in order to recognise specialists in each new role.

These changes are already underway, but don’t expect to see any immediate changes to the scheme, as the plan is to have a pilot ready for some time in 2019.

Further updates are due to follow from NCSC next month, so stay posted.

https://www.ncsc.gov.uk/blog-post/our-commitment-ccp-scheme

Let’s Encrypt now trusted by Major Root providers

Let’s Encrypt released some great news this week, that their Root Certificate Authority is now trusted across all the major root providers.

Let’s Encrypt is an automated and open certificate authority that was established to help the public adopt secure websites (using HTTPS), all free of charge. Basically, if you own a website / domain name you can use LE to obtain a trusted certificate at zero cost.

LE were just waiting on Microsoft to complete the list, which along with Google, Apple, Mozilla, Oracle and Blackberry, now means they no longer need to purely rely on their third-party trust association with IdenTrust.

For a website certificate to be secure it needs to be issued by a Certificate Authority that is trusted globally by mainstream products and services. This meant that in the early days LE had to use an existing trusted CA source (IdenTrust) to be indirectly trusted and issue their certificates, while they established their own global trust.

Now that all the major browsers, operating systems and devices directly trust the Let’s Encrypt CA, they have an easier path to continuing their journey of securing the internet. Although, as there is still a large number of old devices out there, it may still take several years before this trust process is fully completed.

https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html

Microsoft TLS Certificate change

Microsoft Office 365 - Exchange Online are making some changes to the certificates used by their servers. Starting on 3rd September, Microsoft will begin rolling out the new TLS certificate to its services.

If your organization has not taken intentional steps to restrict your on-premises mail servers from accessing non-authorized domains and has not enabled extra validation of the Exchange Online certificate issuer, this will not impact you.

If you have made such restrictions, you will need to ensure that your mail servers are able to access the following endpoints from your network as part of validating the new certificate:

  • ocsp.globalsign.com
  • crl.globalsign.com
  • secure.globalsign.com

If you or your organization's partners perform extra validations, those details, such as the Certificate Authority root issuer, can be found by clicking on the Additional Information link below.

https://support.office.com/en-gb/article/how-exchange-online-uses-tls-to-secure-email-connections-in-office-365-4cde0cda-3430-4dc0-b489-f2c0736c929f?ui=en-US&rs=en-GB&ad=GB

That’s it for this edition but please stay tuned for our next instalment.

Sign Up

To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailList

You can also follow us using the social media links provided.

If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReview

Ironshare – Security Simplified

Edition #3 – 10th August 2018

By

Stuart Hare

on

10/8/18

Cyber Round-up

Cyber Round-up for 3rd August

Welcome to Ironshare’s Cyber Round-up, where we take a look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.

Security Breach @ Reddit

Another week usually brings with it another security breach. This week we have two, with the first being the popular news and discussion forum, Reddit. Reddit is basically a message board system that enables its users to share posts, news, links and images, which are categorised based on the content’s topic.

On 1st August Reddit disclosed that a hacker had gained read-only access to several of their systems, where they were able to access certain user data, as well as an old database backup from 2007 that contained copies of old salted and hashed passwords.

The attack, which happened between the 14th – 18th June, successfully compromised the accounts of Reddit employees, by taking advantage of an intercept flaw in the SMS-based Two Factor Authentication they were using.

Although Reddit did not explain how the compromise took place, this does provide a real-world example of the weaknesses in SMS messaging, and raises the question of whether it should still be considered a trusted method for Two Factor Authentication. That said, although token-based 2FA should always be your preferred method, if there is no other option, SMS-based 2FA is still better than no 2FA at all.

If your details were affected by the breach, Reddit will be in touch with you shortly. As always though, if you have any doubt that your account may have been compromised you should change your password immediately. For Reddit’s full release on this incident please go to:

https://www.reddit.com/r/netsec/comments/93ra0e/reddit_had_a_security_incident_heres_what_you/

1.3 million fashion shoppers’ details exposed

The second breach this week involved the ecommerce website Fashion Nexus, and its sister company White Room Solutions.

Graham Cluley’s blog (see the link below) details information about this breach, where the personal information and password hashes of approximately 1.3 million customers were exposed.

Affected brands include AX Paris, Jaded London and Perfect Handbags.

The Fashion Nexus website (http://www.fashionnexus.co.uk/) now includes a statement about this data breach.

https://www.grahamcluley.com/online-fashion-shoppers-exposed-ecommerce-breach/

NCSC published new Security guidance for Ubuntu Linux

As part of their EUD (End User Device) Security Framework the NCSC has published their latest guidance for Ubuntu Linux, which has been tested with Ubuntu 18.04 LTS.

The EUD Security framework aims to provide low cost, simple and effective advice for securing End User Devices, by taking advantage of inbuilt features and security controls, without the need for expensive third-party products.

This guidance document provides recommendations that should be reviewed by administrators and risk owners to ensure that an agreed approach is taken that balances security with the business objectives.

Although initially defined for Government departments and authorities that operate using OFFICIAL & OFFICIAL-SENSITIVE information, this is good practical guidance that can be adopted by any organisation to improve or implement secure configurations.

https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts

SAMSAM the Ransomware that keeps on taking

Sophos have reported through their Naked Security blog that their continued research into the ransomware known as SAMSAM has uncovered new details that suggest its ransom demands have generated nearly $6 million since its first appearance in December 2015.

The SAMSAM ransomware is a sophisticated, evolving threat that is used in stealthily targeted attacks, with the intent to cause maximum damage on its targets. It was previously thought that healthcare and government depts were prime targets, but Sophos state that:

“Based on the much larger number of victims now known, it seems that far from being unaffected, the private sector has actually borne the brunt of SamSam. Victims in that sector have simply been far more reluctant to come forward.”

SAMSAM uses common attack vectors that we have seen before in previous variants of ransomware, such as Dharma and Arrow (see our previous post Ransomware: Arrow). It uses Remote Desktop Protocol (RDP) combined with software like ‘nlbrute’ to compromise weak passwords and gain access to the target’s network. The human attacker then installs the malware, escalates privileges and spreads across the network, to install multiple copies of the ransomware throughout the organisation.

Ensuring that management protocols (such as RDP) are not accessible from the internet and keeping up-to-date backups are key to protecting against this type of attack.

https://nakedsecurity.sophos.com/2018/07/31/samsam-the-almost-6-million-ransomware/

Cisco Talos Intelligence updates

Multiple Cobalt Personality Disorder

For the past couple of months, Talos has been tracking a number of email-based attacks that have been responsible for the spread of malware in a mix of targeted and widespread campaigns. Although not conclusive, there is evidence that links these attacks with the actor group known as the Cobalt Gang.

These attacks have been very sophisticated, not only using multiple infections, but also combining multiple exploits, payloads and decoys over several phases of the campaigns to ensure success.

Initial infection comes in the form of email-based phishing attacks which use content taken from legitimate mailing lists etc. to convince users to click on links and download malicious PDF, RTF and Word documents that will kick-start the infection.

The malware results in the installation of backdoor Command and Control for complete access to the infected device. It fingerprints (collects information from) the infected device, such as the operating system, installed software and user credentials, and discloses this to the attackers. From here they can continue to try and compromise other connected systems.

Warning: this is a technical blog post, so not for everyone.

https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html

That’s it for this edition but please stay tuned for our next instalment.

Sign Up

To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailList

You can also follow us using the social media links provided.

If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReview

Ironshare – Security Simplified

Edition #2 – 3rd August 2018

By

Stuart Hare

on

3/8/18

Cyber Round-up

Cyber Round-Up for 27th July

Welcome to the first edition of Ironshare’s Cyber Round-up, where we take a look back at the events of last week and handpick some of the news, posts, views, and highlights from the world of Security.

NCSC: A real world example of a Spear-phishing attack

We came across an article which was posted late last year by Dr Ian Levy from the National Cyber Security Centre called ‘The serious side of pranking’. The article describes a real-world example of how Dr Levy was the target of a mock Spear-phishing attack by the prankster James Linton.

This is a great post that describes the simplicity involved with launching such an attack, and how easy it could be to fall victim to it. A must read for anyone, not just us security guys:

https://www.ncsc.gov.uk/blog-post/serious-side-pranking

Wi-Fi Alliance releases WPA3 security

After months of anticipation the Wi-Fi Alliance officially launched the new Wi-Fi Security standard WPA3 on the 25th June 2018. WPA3, or Wi-Fi Protected Access version 3, has been dubbed the Next Generation in Wi-Fi network security.

The new standard includes new features that simplify Wi-Fi security while also improving its strength through new cryptographic support. WPA3 has been eagerly awaited since the news earlier this year that the KRACK security flaw (Key Reinstallation Attack) had been found in the existing WPA2 standard.

Don’t expect WPA3 to be available immediately though; expect it later on this year, as the vendors begin to integrate the new standard into their Wi-Fi products. Official release:

https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security

Ironshare Blog – Cyber Glossary

This week we have added a Cyber Glossary to our website. We know how difficult it can be to keep up with the changes in the IT and Cyber Security industry, so we thought it would be good to cover some of the basics by providing a simple A to Z of common Cyber terms.

We will look to keep this updated over time, so if there are any comments, or anything you feel is missing, please let us know using the comments section at the bottom of this article’s page. You can find the Cyber Glossary here:

https://www.ironshare.co.uk/technical/cyber-glossary/

Cisco Talos Intelligence updates

A couple of key updates came out of the Cisco Talos Group this week:

Cryptocurrency Mining Whitepaper

The first was an article releasing a new whitepaper that discusses the mining of Cryptocurrency. At this stage Crypto Mining is the biggest rising malware threat we have seen during 2018. This whitepaper covers what Crypto Mining is, how it can affect your organisation, and importantly how you can use the Cisco Security product line to prevent its presence in your network and devices.

https://blog.talosintelligence.com/2018/07/blocking-cryptomining.html

Malicious MDM Advanced Mobile Malware Campaign - Part 2

Over the past months Talos has been investigating a targeted malware attack in India that uses malicious Mobile Device Management services to trick users into enrolling and compromise their mobile devices (smart phones etc.). Part 2 of this series of posts goes into depth on the infrastructure used by the actors and the potential links to previous malware campaigns and known actor groups.

Warning: this is a technical blog post, so not for everyone.

https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM-Part2.html

Microsoft Office 365 is moving to TLS 1.2

If you are a Microsoft Office 365 customer, then hopefully you are aware that Microsoft will be removing support for the older versions of TLS encryption (Transport Layer Security). Versions 1.0 and 1.1 will be retired as of October 31st 2018.

If you are not prepared for this then we recommend getting on it immediately, so you do not lose access to your services. All the latest browsers and clients support TLS 1.2, so you should be fine if you keep up to date.

For more information see:

https://support.microsoft.com/en-gb/help/4057306/preparing-for-tls-1-2-in-office-365

Google now displaying HTTP sites as ‘Not Secure’

In a move to promote a more secure internet Google have made changes to their Chrome browser that will now alert you when you access an unencrypted website using the clear text HTTP protocol.

Google state that this change will make it easier for users to know whether their personal information is safe as it travels across the internet.

From Chrome v68 all HTTP sites are marked as ‘Not Secure’ in your browser’s address bar, which turns to a red warning notice if you start to input your personal information.

https://www.blog.google/products/chrome/milestone-chrome-security-marking-http-not-secure/

That’s it for our first edition so please stay tuned for our next instalment.

Sign Up

To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailList

You can also follow us using the social media links provided.

If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReview

Ironshare – Security Simplified

Edition #1 – 27th July 2018

By

Stuart Hare

on

27/7/18

News

NCSC: A real world example of a Spear Phishing attack

We came across an article which was posted late last year by Dr Ian Levy from the National Cyber Security Centre called ‘The serious side of pranking’. The article describes a real-world example of how Dr Levy was the target of a mock spear phishing attack by the prankster James Linton.

This is a great post that describes the simplicity involved with launching such an attack, and how easy it could be to fall victim to it. A must read for anyone, not just us security guys:

https://www.ncsc.gov.uk/blog-post/serious-side-pranking

NCSC Article on Spear Phishing

By

Stuart Hare

on

23/7/18

News

Ironshare promoted to Cisco Select Partner

Ironshare, a Birmingham-based cyber security consultancy, today announced that it has been promoted to Cisco Select Partner status.

To earn this, Ironshare had to meet the rigorous standards set forth by Cisco in the Security Specialisation competency. “It’s a significant accomplishment to reach Select status,” stated Stuart Hare, Director of Ironshare. “By partnering with Cisco, we are able to offer a complete end-to-end security portfolio that ensures defence-in-depth for any organisation, and with Select status we can be even more competitive and bring even better service and benefit to our customers.”

The Cisco Channel Partner Program provides a framework for partners to build the sales, technical and business architecture skills required to deliver Cisco solutions. Through the program's specialisations and certifications, Cisco recognizes a partner's expertise in deploying solutions based on Cisco advanced technologies and services. Using a third-party audit process, the program validates a partner’s technology skills, business practices, customer satisfaction, pre-sales and post-sales support capabilities and other critical factors customers consider when choosing a trusted partner.

“Congratulations to Ironshare for hitting Select status, it’s been great to welcome them to the Cisco Channel Partner Program and see their progress,” said Vijay Mistry, Partner Account Manager at Cisco UK. “This achievement reflects their dedication to the skills required to support customers within the security technology sector. We are excited to work with Ironshare and support their customer’s needs.”

Ironshare is a provider of Information and Cyber Security services. The company focuses on helping customers to achieve a greater understanding of the risks to their organisation, whether large or small, while ensuring that defined security solutions are delivered in a simple and effective manner.

With over 80 years of industry experience, our expertise in this area allows us to deliver proven, tried and tested results to our customers, and as a flexible business with no significant overheads, we can be agile to our customer needs, while remaining commercially attractive in the market. Ironshare is headquartered at The Colmore Building in Birmingham, UK.

For more information, visit: www.ironshare.co.uk

By

Stuart Hare

on

18/7/18

News

Ironshare achieves Cisco Security Specialisation

Birmingham-based cyber security consultancy, Ironshare, has achieved the Cisco Express Security Specialisation.

This award recognises partners who are focused on meeting the security needs of their customers, and involves a third-party qualification process which tests knowledge in selling, designing, installing and supporting the full range of Cisco Security products.

Ironshare not only fulfilled the Cisco training and exam requirements but also met the personnel, training and post-sales support requirements set forth by Cisco.

James Phipps, Non-Executive Chairman of Ironshare, commented: “This specialisation is an important independent recognition of Ironshare’s commitment to Cyber Security, and underlines our ability to deliver the highest quality solutions to protect our clients from evolving cyber security threats. It’s a significant milestone and fantastic for the team’s efforts to be recognised and acknowledged.”

Ironshare is a provider of Information and Cyber Security services. The company focuses on helping customers to achieve a greater understanding of the risks to their organisation, whether large or small, while ensuring that defined security solutions are delivered in a simple and effective manner.

With over 80 years of industry experience, our expertise in this area allows us to deliver proven, tried and tested results to our customers, and as a flexible business with no significant overheads, we can be agile to our customer needs, while remaining commercially attractive in the market. Ironshare is headquartered at The Colmore Building in Birmingham, UK.

For more information, visit: www.ironshare.co.uk

By

Stuart Hare

on

11/7/18

News

Ironshare appoints James Phipps as Non-Executive Chairman

Former CEO of Excalibur moves into Cyber Security arena

Today, Ironshare, a Birmingham-based cyber security consultancy, is pleased to announce the appointment of James Phipps to the new role of Non-Executive Chairman of the Board.

Phipps recently stood down as CEO and became Executive Chairman for Excalibur, after an MBO saw him sell his majority shareholding in the Swindon-based company, which as a Microsoft Gold Partner, provides managed IT and Telecommunications services. In almost two decades at Excalibur, he has overseen significant investment in systems and products and moved them from mobile phone shops to providing full telecom and IT services, supporting over 4,000 SMEs and organisations in the south and south west.

Excalibur was recently identified in London Stock Exchange Group’s ‘1000 Companies to Inspire Britain’ Report and is listed in the Sunday Times 100 Best Small Companies to Work For (2017 and 2018). They also hold the South West Federation of Small Business Award for Employer of the Year 2018. In setting the business apart from its competitors, Phipps has also made unprecedented commitments to staff development and local community projects, including the new Younite Foundation charitable trust he has created.

James Phipps joins Ironshare at a pivotal point in the company's development as they focus on expansion and success in the U.K. market. As Board Chairman, he will be instrumental in defining go-to-market strategy while identifying new partners and growth objectives.

Commenting on the appointment, Stuart Hare, Director and Co-Founder of Ironshare said, "We are fortunate to have someone with James’ depth and breadth of business knowledge join us. We know that his experience will support the team in getting a stronger foothold in the UK security landscape."

James added "I am delighted to be joining Ironshare at this exciting stage of its development. There is a distinct shortage of cyber security professionals in the industry, and the attention to detail and service that this team brings means there is remarkable growth potential. Ironshare is perfectly poised to take a significant market share, this is a very talented team and it will be a privilege to contribute to their success."

About Ironshare

Ironshare is a provider of Information and Cyber Security services. The company focuses on helping customers to achieve a greater understanding of the risks to their organisation, whether large or small, while ensuring that defined security solutions are delivered in a simple and effective manner. Ironshare is headquartered at The Colmore Building in Birmingham, UK.

For more information, visit: www.ironshare.co.uk

By

Stuart Hare

on

25/6/18

News

Ironshare achieves Cyber Essentials Certification

Ironshare are pleased to announce that we have successfully achieved our first official certification for Cyber Essentials, which was awarded on the 20th June 2018.

As a Cyber and Information Security company it is key to demonstrate that we practice what we preach and that we are committed to providing quality Security services which protect both our company and our customers. The Cyber Essentials certification is our first step to achieving that.

What is Cyber Essentials?

Cyber Essentials is a UK Government led certification that first launched in 2014. It was introduced after the release of the CESG’s ‘10 Steps to Cyber Security’, which resulted in many requests for more detailed guidance, as organisations were unsure on how to implement the fundamental controls for Cyber Security.

While the 10 Steps provided the ingredients, Cyber Essentials was formed to deliver a recipe of how these ingredients should be used, to establish the appropriate defences against common attacks.

Although there is never one right answer that fits all, Cyber Essentials focuses on the following five technical controls:

  • Securing your Internet connection
  • Securing your devices and software
  • Controlling access to your data and services
  • Protecting from viruses and other malware
  • Keeping your devices and software up to date

The completion of Cyber Essentials certification confirms that you have met the requirements to address these controls to protect against common threats.

Cyber Threats and Risk

Year on year we consistently see the presence of more advanced threats and cyber-attacks. In 2017 we witnessed the year of Ransomware, where the likes of WannaCry and Nyetya caused huge impact to organisations and public services such as the NHS.

So far 2018 has seen the rise of Crypto Currency and mining attacks, while Ransomware and Remote Access Trojans (RATs) still maintain a popular position in an attacker’s arsenal.

The harsh reality is that the size or type of your organisation no longer matters: if you have gaps in your security you can guarantee it’s a matter of when, not if, an attacker will exploit those gaps and weaknesses.

Ironshare

If this scenario sounds familiar and you are not sure where to start, or you need assistance with identifying and plugging those security gaps, then Ironshare can help.

To start we offer a free of charge, no obligation assessment that can get you on the right track to identifying your key risks.

Use the Contact Page to get in touch, and our experienced staff will be on hand to discuss our flexible service options with you.

Where to find out more about Cyber Essentials?

The official NCSC Cyber Essentials website can be found here:

https://www.cyberessentials.ncsc.gov.uk/

Finally, a word of thanks to the certification body - IT Governance (www.itgovernance.co.uk) - for their help throughout the certification process.

Ironshare – Security, Simplified

By

Stuart Hare

on

20/6/18

News

InfoSec Europe 2018

Last week we attended and exhibited at the Info Security Europe conference, at London Olympia.

It was a great few days of networking and we had some excellent conversations with both attendees and fellow exhibitors. Thank you to everyone that came to see us on Stand x49. We hope that you enjoyed the show as much as we did.

Below is a short video of our time at the event.

https://www.youtube.com/watch?v=M6AYr3XX22E

There were many of the major names in the Industry at the event, obviously with massive amounts of budget allocated to their very impressive stands. Whilst we couldn’t match that, our small presence at the event enabled some excellent one-to-one conversations, resulting in a successful first time exhibiting at the conference.

Our literature was handed out throughout the three-day event and was well received. If you would like to take a look, please use the links below.

Flyers

  • Ironshare Security Consulting
  • Ironshare Layered Solutions
  • Ironshare Managed Internet Security
  • Ironshare Managed Endpoint Security

If you didn’t manage to attend or stop by the stand, there is always next year.

See you there 😊

Ironshare – Security, Simplified

By

Stuart Hare

on

13/6/18

News

Ironshare @ InfoSecurity 2018

InfoSecurity 2018

InfoSecurity Europe will once again be hosting their annual Information Security conference at London Olympia on the 5th-7th June.

InfoSecurity Europe, also known as just InfoSec, is Europe’s number one Information Security event. It has been running for over 20 years, and features over 400 exhibitors that present their products and services to over 19,000 attendees.

Attendees get access to over 240 free conference sessions across 3 days, which are presented by industry leaders. These sessions are held at the Key Note Stage, the Strategy Talks theatre, the Tech Talks theatre and Information Security Exchange Theatre. You can even earn certification CPE credits by attending a session (just make sure you register your certification ID prior to the event).

After being attendees for many years, Ironshare will be making their exhibitor debut at InfoSec this year. Please come and join us at Stand X49 located directly opposite the Information Security Exchange on Gallery Level 1.

Not yet registered for Infosec?

Visit http://www.infosecurityeurope.com/visit/Register to register for the event.

If you would like to arrange a time to meet us on the stand at Infosec, then please use the Contact form and get in touch.

We look forward to seeing you, and hope you enjoy the conference.

Ironshare – Security, Simplified

By

Stuart Hare

on

22/5/18

Products and Services

Ironshare Partnerships

If you are an IT consultancy or Managed Services Provider and you’re interested in extending your portfolio to include cyber security consulting, then maybe we can help.

We offer a range of white label options on our services, meaning that you can sell our expertise on to your existing client base and earn extra margins by adding cyber security into your portfolio.

Our delivery team will seamlessly integrate and extend your capability, and you can expect the highest standards with a friendly and professional engagement at all times.

We’ll work with you to develop specialist marketing materials with your own corporate branding, and ensure that our “Security, Simplified” message rings true throughout the engagement.

In terms of the financial arrangements, we are not interested in making a quick buck; we want long-term, lasting relationships – true partnerships.

You sell into the customer, settle back and let us take on the work.

What’s not to like? Complete the contact form to get in touch, and we will get back to you and discuss options for moving forward with a potential new partnership.

Benefits of partnering with Ironshare

  • Your business can earn extra margins by adding cyber security into your services portfolio
  • We can seamlessly integrate cyber security expertise into your team through our White Labelling option
  • We’ll provide a full suite of custom marketing material, datasheets and sales support
  • It demonstrates to your customer base that you take cyber security seriously
  • You’ll gain better visibility within your customer base as to upcoming projects and highlight potential opportunities to increase up-selling and cross-selling.

By

Stuart Hare

on

25/4/18

Products and Services

Ironshare Consulting

Managed Service Solutions

Ironshare work with organisations of all shapes and sizes, and whatever your requirement, whatever your limitation, there is always a solution. No job is too small!

We offer a range of consulting and fully managed services that can be built specifically for you, and our solutions are completely scalable to match any budget. In addition, our service-led approach aims to build long term and trusted relationships – it’s at the heart of what we do.

We guarantee added value!

Once an order is placed with us, we manage the entire implementation process from end-to-end and our project management team take care of the entire lifecycle - from scoping and designing the solution, to supply, integration and, crucially, support and our managed service.

Our post-sales team gives you peace of mind and confidence that queries are dealt with quickly and effectively by real people, helping you there and then.

Security Solutions

Organisations face advanced cyber threats and network security vulnerabilities on a daily basis. It can be a hostile landscape but for every challenge there’s a solution, and we are always happy to discuss, and work with you, to find the answers you need.

We can work directly with senior and executive stakeholders or work with your teams and create easy-to-understand documentation that supports your own in-house discussions.

Security Intelligence

We combine our skills, expertise and flexible approach with some fantastic security tools. Our cloud-based intelligence driven solutions help organisations predict, detect, prevent and respond to cyber threats and attacks.

Security Consulting

The goal of Security Consulting is to allow our security experts to assist you and your business with improving your overall security posture, and to develop the plans needed to prepare, respond and recover in the event of a breach or compromise.

Our consultancy services extend to areas such as incident response and investigations, risk analysis, information and technical assurance, roadmap and strategy development, security design, network asset discovery, and security assessments.

In addition to the above we can also assist with the creation and development of security policy documentation. This can range from information and technical standards and best practice guidelines to secure build hardening standards and procedures.

In summary we can help you address your Information and Cyber Security responsibilities in line with your organisational strategy and legal obligations.

Network Security

Network reliability and speed are vital for business today, and our tailored solutions can help you ensure your network runs seamlessly and securely. Our security assessments, monitoring, and network discovery tools can be used to work with your specific requirements while considering your business and network structure, processes and future scope.

Whether you are looking for cloud based or data centre capabilities, Ironshare will be able to offer considered advice and solutions to address all your networking challenges.

Retainer Resourcing

No other sector is growing as fast as IT Security, and it can be difficult for organisations to attract and hold onto industry professionals. We offer access to skilled resources, via phone, chat, or email, that can work with you on a retainer basis, whereby you can call upon their services for a few hours or days a month.

If you need more than that, we can help you source the right individuals for your team by assessing your requirements, building a job spec, and working with our recruitment partner to pre-interview and assess individuals for the role(s) in question.

We pride ourselves in being a company that you’ll be glad to work with. We are always honest, open and transparent and will always bring genuine, considered advice in a simple to understand way.

Complete the no obligation contact form link and we’ll get in touch with you by telephone within 24 hours to discuss your needs in more detail. After this we’ll get a quote delivered to your inbox and if everything is agreeable, we will start working for you immediately.

By Stuart Hare on 25/4/18

Products and Services

Why choose Ironshare?

We’ve been there ourselves, so we understand the need for you as a buyer to make an informed choice before any purchase. After all, you’re the ones who are going to have to live with the decision!

As Ironshare are registered Cisco partners, we focus predominantly on Cisco security solutions, but the truth of the matter is, those solutions might not be the best fit for you.

We only want happy customers… so to address this, our no-nonsense website explains the pros and cons of various products in an honest and transparent manner. We also go into greater depth with a series of easy-to-read articles about various Cisco solutions. Our aim is to provide information that gets to the point and give prospective customers a better understanding of what’s right for them.

After reading these articles, you’ll be able to identify if our services sound good to you, and if you want to start working with us – then we aim to be flexible to your needs and keep everything as straightforward as possible.

Simple engagement of our services

"Try before you buy" - we offer a totally FREE and no-obligation 14-day trial. If you’re happy with what you see, then we make it super easy for you to proceed – simply fill in your details and requirements, and you’ll get an automated PDF quote delivered to your inbox within seconds.

We always strive to be flexible, so we also offer a monthly payment plan - if that works better for your business or organisation then let us know (there are no long contracts to worry about, unless you want them).

We help you get started

On top of any Cisco purchase, we also offer installation assistance and a ‘fully managed service’.

For installation, we have a chat with you about your environment, and then give you tailored, detailed and easy to understand instructions on how to get your new Cisco product working. We give over the phone and remote support to get you up and running – usually within a few days.

We also look after everything else

Our ‘fully managed service’ is our core offering. With our cloud-based solutions, it enables us to take on the responsibility of running and maintaining your Cisco security products on a day-to-day basis. We will have regular conversations with your security or IT support staff and try to understand which threats concern you the most – after that – you leave it to us.

You will have no need to train staff on use of the products, so they can get on with other work. We monitor the outputs and findings and identify where risks and issues exist within your estate. Our Cisco qualified engineers will then give you specialist advice and let you know what you need to do to resolve and remove any threats to your company or organisation.

Our service focuses on easy to understand, no-jargon reporting and remediation recommendations.

You will be up and running in no time

The speed of implementation is really decided by your own company change control practices.

Our UK-based support team can help you get up and running with worldwide coverage of your PCs, laptops and devices in just minutes - if your network environment is simple enough. For other organisations with more complex networks and procedures, it may take a while longer - but we will work with you every step of the way and help you through the on-boarding process.

Once deployed, Umbrella can protect all of your devices, wherever they are being used: at home, in a hotel, or connected to an internet café Wi-Fi network, for instance. You can also manage access to different categories of websites for employees – as an example, this might be helpful if you have staff who spend long periods of time on social media during working hours.

Your users will have an advanced and intelligent layer protecting them from external viruses and threats, and if you also adopt Cisco AMP for Endpoints – it will give you ultimate control on anything that sneaks through the gaps - via a rogue email, memory stick or by some other means. You’ll be able to nip concerns in the bud quickly and prevent matters from escalating.

Our core values

As we’ve mentioned already, our aim is to give you expert advice - delivered in a no-nonsense and simple to understand format. In addition, the core values we pride ourselves on include the ability to be ‘efficient and flexible’ - we need to add value to our customers and we do this by having skilled and innovative staff who are professional, well-educated and trustworthy.

Trust is so important to us, it might sound a bit cheesy but really, what we say is what we do, and we maintain this attitude throughout all aspects of our services. We simply do whatever it takes to get the job done, that is right for you.

We keep in touch throughout to make sure you stay happy!

Our aim is to become an extension to your security or IT team, and to ensure that we add maximum value. The Ironshare managed service comes with a dedicated Service Account Manager (SAM) and a Technical Account Manager (TAM).

Both roles will keep in touch with you throughout the service via monthly or quarterly telephone meetings – you decide the frequency and we will be there! The service meetings offer a chance to discuss your overall customer experience, and ensure you are getting what you want from the service.

On top of this you’ll have qualified analysts keeping tabs on your organisation and alerting you whenever we see anything that you need to know about. In addition to any specific security alerts, we’ll provide regular reports (at an agreed frequency) and more detailed advanced reporting is available as required.

All of our managed service clients get technical security support from their dedicated TAM, meaning that you have access to qualified specialist security advice whenever you want – you can use that to discuss any number of topics.

If you’ve had an incident of some kind, your TAM will advise on best practice and make some clear recommendations on the best course of action to take.

As a bonus and as part of the service (as required) - your TAM can arrange a security assessment of your organisation and report back the findings to help you identify areas of concern.

Your TAM can also provide on-call information support for any security incidents you experience, and provide training materials if you want your staff to be more hands-on.

We are in regular contact with Cisco themselves and often get early information about developments to the products we sell. For example, in the last 18 months, Cisco Umbrella has been continually enhanced and improved, with a number of these improvements based on our feedback and engagement.

We share any interesting product news directly with our customers via an exclusive newsletter which also contains information about loyalty discounts on future service purchases.

All in all, we aim to keep our customers happy by focusing on you every day 😊

Our Managed Security Service – in Summary

  • Certified Cisco partners specialising in Security
  • No-nonsense honest and transparent approach
  • "Try before you buy" - totally FREE and no-obligation 14-day trial
  • Automated PDF quotes delivered to your inbox within seconds
  • Annual services with monthly payment plans available on request
  • Fast Installation support – we can get you up and running within a few days
  • Fully managed service - running and maintaining your industry proven Cisco security products on a day-to-day basis
  • Multiple tiers of managed services to ensure the service meets your organisation’s size and requirements
  • Qualified analysts keeping tabs on your organisation and alerting you
  • Regular security reports available with advanced reporting an option as required
  • Easy to understand, no-jargon reporting and remediation recommendations
  • Protect all your devices in the office, at home, in a hotel or anywhere else
  • Manage and control access to different categories of websites for employees
  • Regular updates and early access to new functionality for managed products (where applicable)
  • No need to train staff – let us take the strain, so they can get on with other work
  • Dedicated Service Account Manager (SAM) and Technical Account Manager (TAM)
  • Monthly or quarterly telephone service review meetings
  • Technical security support that can be used to discuss any number of topics
  • Expert advice - delivered in a no-nonsense and simple to understand format
  • Skilled and innovative staff who are professional, well-educated and trustworthy
  • Advice on security best practices and clear recommendations on best course of action
  • Regular Security assessments for your organisation
  • Assessments will include a report of the findings and recommended actions as applicable
  • Our qualified engineers can identify security risks and issues within your estate
  • We’ll give you simple specialist advice on how to resolve issues
  • The assessment will include a security check of your company websites
  • It will also highlight exploitable gaps in services accessible from the Internet
  • We’ll check your company’s email accounts for compromise
  • Full Internal security assessments also available upon request
  • On-call support for any security incidents available
  • Training and materials can be made available if you want your staff to be involved and more hands-on
  • Exclusive customer newsletter
  • Discounts on future service purchases

Ironshare – Security, Simplified

For more information about Ironshare or our services, or if you have any other questions – please Contact Us here.

By Stuart Hare on 23/4/18


Ironshare is a provider of Information and Cyber Security services.
