Portcullis has become the most established cyber security consultancy to gain the new Government Cyber Essentials certification.
The Portcullis board identified certification as important for them as a leading provider of security services, demonstrating how they adopt the same attitude to information security that they encourage in their clients. This gives them further confidence in Portcullis' ability to conduct business securely. It is a key principle of the company that they practise what they preach. The Cyber Essentials scheme is not designed to be the ultimate in cyber security, but it is a very useful benchmark for companies to adopt.
On Friday 30th January 2015 the White Hat Ball celebrates its 10th anniversary.
For those not aware of its origins, the Ball began on the current chairman’s birthday in January 2005 when Marcus Alldrick, CISO at Lloyd’s of London, asked the assembled company at his birthday dinner how the Information Security industry could do more for charity. SC Awards had recently dropped the charity raffle from their annual bun fight, and thereafter Marcus set up a steering committee of like-minded colleagues, soon after which The White Hat Ball was born.
A few weeks ago we heard the breaking news that the United States Central Command Twitter account had been hacked by ISIS; the week ended with David Cameron and Barack Obama joining forces to put Cyber Security centre stage as a global issue.
The Twitter and YouTube channels of the US Military Central Command were suspended after they were taken over by hackers affiliated to ISIS. The group calling itself Cyber Caliphate hijacked the Centcom Twitter account and sent out the message “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK.” They then tweeted out what they claimed were U.S. military PowerPoints and personal data on retired Army personnel. All this happened at the same time as President Obama was making a speech about the importance of American businesses protecting their networks from cyber attack and data theft!
Hackers have been attacking networks since the mid-1980s, and penetration testing has matured and developed over the years as the industry becomes more established.
Intelligence-led testing is the natural next step as organisations seek to put their systems through their paces with realistic scenario-based testing campaigns.
The Cyber Security Challenge UK is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more EU citizens resident in the UK to become cyber security professionals. As part of the learning programmes aspect of their brief, they are holding regional cyber days.
Recently I went to support one of their regional events. In this case “regional” meant all the way out in Zone 6 on the Metropolitan line!
SChannel (or Secure Channel) is a proprietary Windows Security Support Provider (SSP) that contains a set of Security Protocols used primarily to secure HTTP connections through SSL and TLS.
Following the renowned ‘Shellshock’ vulnerability, which affected Linux, there have been several vulnerabilities claiming to be called ‘WinShock’. CVE-2014-6321 has not been an exception to this trend and is the third such issue to receive the denomination this year. Care should therefore be taken to ensure that this issue is not mistaken for other vulnerabilities claiming to be ‘WinShock’ such as CVE-2014-6332 (a vulnerability in Windows OLE Automation Array) and this CMD Command Execution.
Following our successful launch of RedIntel at The House of Commons last Friday, Portcullis is very pleased to announce that we have been selected as the first approved supplier of the CBEST tests. As you may know, CBEST is a new intelligence-led testing framework run by The Bank of England and delivered through the Council of Registered Ethical Security Testers or CREST.
As we remembered the fallen from wars, many of whom were less than 22 years old, and we marked the milestone of 100 years since the beginning of the Great War, Portcullis also marked its own milestone as one of the longest established companies in IT Security.
Portcullis is proud to announce that we are the official sponsor of the Securi-Tay IV afterparty!
Securi-Tay IV is an Information Security conference held by the Abertay Ethical Hacking Society, and supported by Abertay University, Dundee.
The conference is now in its fourth year (hence the IV), and will be held again on February 27th, 2015.
Portcullis will be sponsoring the Securi-Tay IV afterparty hosted at the Abertay Students’ Union.
Visit Securi-Tay’s web page to find more information on tickets and attending the event.
Last night, researchers from Google released details of a new attack that they have called the Padding Oracle On Downgrade Legacy Encryption (POODLE) attack, which has been assigned CVE-2014-3566. This attack utilises a vulnerability in version three of the SSL protocol (SSLv3) when using Cipher Block Chaining (CBC) mode ciphers. Despite SSL being superseded by TLS, some TLS implementations allow for backwards compatibility with SSL to facilitate a smooth user experience when communicating with legacy systems.