Insights

Overview: A newly reported vulnerability in the Common Unix Printing System (CUPS) poses a significant security threat to UNIX-based systems, including Linux and macOS. Security researcher Simone Margaritelli has published the first of a series of blog posts detailing the issue, which can be exploited by sending a specially crafted HTTP request to the CUPS service. This vulnerability allows remote attackers to gain access to affected systems and execute arbitrary code, potentially escalating privileges and compromising critical assets.

The constant influx of CVEs (Common Vulnerabilities and Exposures) can make it difficult for businesses to keep up, leaving critical assets at risk. Added to this, organsations also have to deal with many other types of exposures, such as inappropriate identity permissions, or cloud platform misconfigurations. To address this challenge, Integrity360 is now offering Continuous Threat Exposure Management (CTEM) as a Service, providing organisations with a comprehensive solution to identify, prioritise, and manage the greatest risks to their critical assets, whether on-premises, in the cloud, or in a hybrid environment. 

New service addresses the resource gap that can result from CTEM

The Internet of Things (IoT) has transformed the way we connect and interact with technology, enabling devices from smart thermostats to industrial machinery to communicate seamlessly over the internet. However, with this connectivity comes a unique set of challenges in securing these devices and ensuring they aren't a gateway for cyberattacks. This is where IoT penetration testing comes in. 

The legal sector has seen a dramatic 77% increase in successful cyber attacks over the past year, with incidents rising from 538 in 2022/23 to 954 in 2023/24. This rise is largely due to the sensitive and valuable nature of the information that law firms hold, making them prime targets for cybercriminals.

In today’s fast-paced and technology-driven world, having a robust Business Continuity Plan is crucial. However, a Business Continuity Plan is not complete without a strong focus on integrating threat detection and response mechanisms. In this blog, we'll explore why integrating threat detection and response is essential and how to effectively incorporate it into your Business Continuity Plan.

London/Dublin/Cape Town – 28th August 2024 – As part of its global expansion plan Integrity360 has acquired Grove Group, a long standing cyber security and cloud services company headquartered in Cape Town, South Africa.  

 

In response to cyber security threats, the European Union has introduced the NIS2 Directive, a comprehensive update to the original Network and Information Systems (NIS) Directive. The new regulations are set to take effect by October 17th, 2024. 

Cloud security myths persist, casting unnecessary doubts on the technology's robustness. It’s time to set the record straight and bust some of the most prevalent myths surrounding cloud security.

Testing methodologies play a pivotal role in identifying vulnerabilities and fortifying systems against potential attacks. Among these methodologies, the concepts of Black Box, Grey Box, and White Box testing are fundamental. Understanding these approaches and their applications can significantly enhance the effectiveness of a security strategy.

Overview: A critical vulnerability, CVE-2024-38063, has been identified in the Windows TCP/IP stack, impacting nearly all versions of Windows, including servers and workstations. This vulnerability, which affects the implementation of IPv6, is particularly concerning due to its potential to grant an attacker SYSTEM-level privileges, the highest level of access on a Windows machine. 

The PCI Council has released valuable insights on Vulnerability Scans & ASV Guidance, particularly beneficial for SAQ A merchants.