Insights

London/Dublin/Cape Town – 28th August 2024 – As part of its global expansion plan Integrity360 has acquired Grove Group, a long standing cyber security and cloud services company headquartered in Cape Town, South Africa.  

 

In response to cyber security threats, the European Union has introduced the NIS2 Directive, a comprehensive update to the original Network and Information Systems (NIS) Directive. The new regulations are set to take effect by October 17th, 2024. 

Cloud security myths persist, casting unnecessary doubts on the technology's robustness. It’s time to set the record straight and bust some of the most prevalent myths surrounding cloud security.

Testing methodologies play a pivotal role in identifying vulnerabilities and fortifying systems against potential attacks. Among these methodologies, the concepts of Black Box, Grey Box, and White Box testing are fundamental. Understanding these approaches and their applications can significantly enhance the effectiveness of a security strategy.

Overview: A critical vulnerability, CVE-2024-38063, has been identified in the Windows TCP/IP stack, impacting nearly all versions of Windows, including servers and workstations. This vulnerability, which affects the implementation of IPv6, is particularly concerning due to its potential to grant an attacker SYSTEM-level privileges, the highest level of access on a Windows machine. 

The PCI Council has released valuable insights on Vulnerability Scans & ASV Guidance, particularly beneficial for SAQ A merchants.

With new data showing that the the number of cyber attacks on UK utility companies increased to 48 in 2023, representing a 586% rise compared to 2022 and Data breaches impacting 140,000 individuals, a substantial increase from 17,000 the previous year cyber security in the sector has never been so important. 

We are excited to announce that Integrity360 has been selected as one of just 33 out of more than 400 organisations to join the prestigious PCI SSC Global Executive Assessor Roundtable. This selection reflects our commitment to advancing payment security and our recognition as a leader in the field. 

In a recent incident, a prominent cyber security company discovered they had inadvertently hired a North Korean operative posing as an IT professional. This individual, using various AI tools, managed to infiltrate the company by joining as an employee, accessed its systems and attempted to plant malware. The incident has brought to light the increasing sophistication of cyber threats during the recruitment process. If a major cyber security firm can fall victim, other less security-savvy organisations face even greater risks and underscores the necessity for robust verification processes and heightened vigilance in recruitment.

Crowdstrike have now published their preliminary post incident report (PIR) into the issue that impacted 8.5m Windows hosts. Their preliminary report is available in full on the CrowdStrike website:https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/)

As a physical social engineer my job on the surface is simple, gain physical access to an organisation’s premises and complete a set of pre-determined tasks from there.

Issue Overview and Impact