WAR STORIES
 
In this paper, we discuss the process of finding vulnerabilities in remotely managed routers, in particular those running on the Optimum network. We delve into the setup process for these routers, examine modifications that Optimum has made to an off-the-shelf router firmware, and highlight (...)
WAR STORIES
 
Email was not designed to be used the way it is today. Organisations rely on email for daily business communication and while most are protecting against low-level threats, more sophisticated email-based attacks are on the rise.
OPINIONS
 
Last week marked the last episode of “Menneskejagt” (Danish: Hunted), a TV show that aired for six weeks on Danish national television. The show follows several groups of contestants, who are on the run from a team of professional hunters and are treated as real fugitives.
EVENT
 
The IT security industry and the threat landscape are ever-changing, and the need to stay a step ahead of the cyber criminals is of critical importance across different industries. The best IT departments invest in educating their employees, as the human factor is always the critical frontier in (...)
WAR STORIES
 
NCC Group commissioned research consultancy ComRes to survey 200 board directors from UK companies with over 500 employees. The Group has released its 'Elephant in the Boardroom' report on the day its CEO, Rob Cotton, delivers a keynote at the Institute of Directors Annual Convention on (...)
WAR STORIES
 
One of the main concerns relating to the replacement of IT infrastructure is the cost. The risk of introducing compatibility issues and, ultimately, downtime also causes anxiety. However, exploitation of vulnerabilities in legacy systems and software can be damaging to an organisation on both a (...)
WAR STORIES
 
We’ve published a short eBook about the potential impact General Data Protection Regulation (GDPR) may have on your marketing activity. Regardless of when or how the various negotiations develop with the EU, the UK’s data protection standards will have to be equivalent to the EU’s GDPR.
THREATS
 
NCC Group was recently posed the following by one of our UK CISO Research Council members: ‘Blockchain (especially BitCoin) is highly dependent on elliptic curve crypto and hashes like SHA256 and RIPEMD-160, which are all vulnerable to quantum computing attacks using Shaw’s and Grover’s algorithms (...)
WAR STORIES
 
What happens when a seemingly harmless “lightweight” protocol contains a fatal security misconfiguration? FortConsult’s Lucas Lundgren found out after stumbling across it while doing research in IoT security.
EVENT
 
FortConsult will be hosting an event on Risk Management on September 2nd, where we will talk about how to unite the board and the security department in order to create a coherent strategy.
EVENT
 
The media loves a good story. One with intrigue that plays on emotions and can provoke a reaction from the public. The biggest stories develop over time and run for weeks or even months. When a story about a security breach gets media attention, the financial and brand equity losses for the company (...)
WAR STORIES
 
We are pleased to announce that our consultants Lucas Lundgren and Neal Hindocha are among this year’s speakers at DEF CON in Las Vegas. Their talk will demonstrate how a seemingly innocuous protocol can be exploited to gain access to and manipulate sensitive information, which one wouldn’t (...)
IT-Security
 
FortConsult was invited to hack the radio hosts from a morning show on Denmark’s most popular radio station, P3. Denmark’s Radio challenged us to try to intrude on the hosts’ private lives online, with as few resources as possible. In the few days allocated to this task, our team managed to get (...)
THREATS
 
In September 2012 NCC Group noted a security issue relating to the use of ASP.NET forms authentication in a shared/cloud hosting environment, which could potentially allow an attacker to successfully authenticate to an application for which they do not have valid credentials. This threat brief will (...)
THREATS
 
This threat brief discusses the existence of embedded USB keyboards that are becoming increasingly common. These keyboard-like devices can be used to bypass the security enhancements in modern operating systems or configuration settings that stop the automatic execution of code from USB devices. (...)