How Long Does SOC 2 Compliance Take and How Can You Get Certified?

It seems like a long project to reach SOC compliance, right? Well, not if you consider that SOC 2 compliance is a journey and not just a tick box certification. SOC 2 will enable you to embed processes and controls to improve security maturity – demonstrating the operating effectiveness of these controls. How long does […]

Why Cyber Essentials is Not Just a Tick Box – Interview with Dr Emma Philpott

As the question ‘why do I need a Cyber Essentials certification?’ continues to arise, Dr Emma Philpott, the Director and CEO of the IASME Consortium Ltd, answers intriguing questions and provides enlightening responses from her point of view in a recent webinar with Risk Crew. Give yourself a moment out of your day & enrich […]

“Kite in a Storm” Web Administrator to Remote Code Execution

Researchers at ZX Security discovered a chain of vulnerabilities that ends with Remote Code Execution in the Accellion Kiteworks® framework. Kiteworks is a secure file-sharing platform targeted at enterprise audiences that facilitates sharing, syncing, and modifying files between internal and external users on multiple devices. CVE-2021-31585 was discovered in the administrative functionality, specifically the […]

Join Us At The Big CISO 360 Event

Don’t leave without reading about this invigorating event hosted by Pulse Conferences celebrating the 5th anniversary of the CISO 360 Congress. And guess what, it’s NOT VIRTUAL but Hybrid. 💃 We, Risk Crew, will be sponsoring this event and we are looking forward to meeting you in person at Victorian Gothic Mansion House Oakley Court, Windsor, […]

Millions of Connected Cameras Open to Eavesdropping on IoT Camera Feeds

A supply-chain component contains a critical-impact vulnerability that allows a remote attacker to eavesdrop on IoT camera feeds. CVE-2021-32934 has a CVSS score of 9.1; it was introduced through ThroughTek, a component that is commonplace in CCTV systems along with other connected camera devices such as baby monitors. ThroughTek’s point-to-point (P2P) software development kit […]

New Kubernetes Malware Backdoors Clusters via Windows Containers

A malware strain that has been at large for over a year has been observed compromising Kubernetes clusters, clearing the way for a backdoor that gives the attacker persistent access. Kubernetes was originally developed by Google and is currently maintained by the Cloud Native Computing Foundation. It is an open-source system that helps automate the deployment, […]

SOC 2 Type 2: How to Prepare for the Audit Webinar

Risk Crew announces part 2 of the SOC-IT-2-ME series, SOC 2 Type 2: How to Prepare for the Audit Webinar. Let us give you an insight into our upcoming webinar. Established by the American Institute of Certified Public Accountants, SOC 2 defines a governance framework for managing sensitive customer information based on 5 Trust Service […]

NoSQL Injection Attacks Expose Rocket Chat Servers to Remote Code Execution

Two vulnerabilities in the Rocket Chat (RC) application make it possible for attackers to achieve remote code execution on the server hosting them. RC is a popular open-source messaging platform for enterprise customers. Customers include Lloyd’s, Lockheed Martin and the University of California. RC utilises the MongoDB database, which uses NoSQL to store its data. […]

Risk Crew