Cyberis Blog
Reassuringly clear thinking.
- Detect and respond
- Red teaming
- Research
Microsoft Bookings – Facilitating Impersonation
Microsoft Bookings introduces a significant security risk by allowing end users to create fully functional Entra accounts without administrative oversight. These accounts, tied to shared Booking pages, can be exploited for impersonation, phishing, and email hijacking. Attackers could leverage this functionality to bypass security measures, gain unauthorised access to sensitive resources, and facilitate lateral movement within an organisation. Our blog explores these weaknesses in detail and provides recommendations for detection and mitigation.
- Tools and techniques
Exploiting KeePass CVE-2023-32784
KeePass is a popular open-source password manager which allows users to securely store and manage their passwords in an encrypted database. On May 10 2023, a high-risk vulnerability was discovered. It allows an attacker with access to the system where KeePass is running to extract the database's master password by analysing a memory dump. The memory dump containing the password can be a KeePass process dump, a RAM dump of the entire system, a hibernation file, or a swap file. In this article we will extract the password from a KeePass process dump.
- Penetration testing
- Tools and techniques
CUPS Security Flaws
On 23rd September 2024, security researcher Simone Margaritelli highlighted a zero-day vulnerability in the Linux CUPS printing system, which gained widespread attention due to the unofficial CVSS severity rating of 9.9 allocated to it. Following the ever-growing attention and comparisons to catastrophic global security incidents such as Heartbleed and Log4J, further details emerged on the vulnerability, and the overall risk was found to be lower than first expected. However, the impact of a successful exploit is still agreed to be significant.
- Cyber Essentials
Cyber Essentials Charity Month 2024
During Charity Awareness Month this year, IASME and participating partners are offering a reduction of £75 to all qualified participants. If assessed through Cyberis, qualified participants will also receive a discount towards Cyber Essentials Plus assessments. This will allow an organisation to gain further insight into their security posture and assess if they are correctly following IASME's pillars of security.
- News
CrowdStrike / Windows Outage
There are reports that an update to CrowdStrike Falcon Sensor, relating to a faulty channel file, caused Windows machines to crash with a BSOD and then enter a boot loop, preventing the systems from operating normally.
- Cyber Essentials
- Penetration testing
The Importance of The Cyber Essentials Scheme
The Cyber Essentials Scheme is a UK-based certification program that aims to help organisations improve their cybersecurity posture and protect themselves from common cyber threats. The scheme covers five core pillars of security: secure configuration, boundary firewalls, access controls, patch management, and malware protection. By implementing these controls, organisations can reduce the risk and impact of cyber attacks, which affect 32% of UK businesses and cost around £736 million in 2021. The scheme also offers benefits such as enhanced market reputation, lower cyber insurance premiums, and compliance with government contracts. The Cyber Essentials Scheme is therefore an essential certification for any organisation operating in the UK, regardless of size or sector.
- Penetration testing
- Tools and techniques
The Overlooked Control: Cache-Control in Mobile App Security
In the realm of mobile application development, attention often gravitates towards high-profile security vulnerabilities like SQL injection, business logic flaws, or weak access controls. However, one crucial aspect that often slips under the radar is the proper implementation of cache-control settings, especially when handling Network API requests. While seemingly innocuous, neglecting cache control can open a Pandora's box of security risks, a fact often overshadowed by more sensational security findings.
- Red teaming
"Assumed Compromise" Assessments: A Guide
In red teaming, defining the business objectives of the exercise early is essential to getting the best value from it. Each attack simulation involves a bespoke scoping exercise, and it is during these scoping processes that we discuss different ways of potentially achieving the desired business objectives and the pros and cons of each.