OccamSec

🔒It's that time again - Microsoft Patch Tuesday July! 🔒 This month, Microsoft has released 143 security updates, focusing on Remote-Code-Execution (RCE) and privilege elevation vulnerabilities. Notably, CVE-2024-38112 and CVE-2024-38080 are being actively exploited in the wild. Key areas of concern include SQL Server's Native Client and Secure Boot security feature bypasses. Keeping your systems up to date and patched is a great defense. But remember, sometimes the best defense is a good offense. When you need that strong offense, we're here to help at OccamSec. #CyberSecurity #PatchTuesday #InfoSec #Microsoft #ThreatIntel https://lnkd.in/gd3mxCgG

Recent ransomware attacks, like the one on CDK Global that disrupted over 15,000 car dealers, highlight a critical need for robust cybersecurity measures. While your security budget isn't limitless, the potential damage from online threat actors is, and your organization needs advanced detection and regular security audits. At OccamSec, we offer Incenter—a reliable, always-on solution that combines automated testing with expert human oversight. This framework not only protects against threats but also ensures your organization avoids costly downtime. Protect your organization and optimize your security budget with OccamSec’s Incenter. Contact us today to learn more. https://lnkd.in/ggYEtzZs #Affordable #Cybersecurity #Pentest #Prevent #RansomWare

FinSec Leadership Forum 🚀 June 27 We’re excited to announce our attendance at this week’s FinSec Leadership Forum, sponsored by FinTech-Tables and hosted by Barclays at their Glasgow campus. Darren Anderson, OccamSec's Information Security Director, will be there to discuss supply chain risk and third-party risk management which has been an ever growing problem. Don’t miss this chance to gain insights from industry leaders and explore innovative cybersecurity solutions. #FinSec #CyberSecurity #RiskManagement #DigitalPayments #SupplyChainRisk Virgin Money FNZ Group Lloyds Banking Group M&G plc Royal London

The recent advisories from the Cybersecurity and Infrastructure Security Agency (CISA) raise an alarm, we must safeguard our Industrial Control Systems (ICS). These systems are distinct in their complexity and integral to the operation of essential infrastructure sectors like energy, water, and transportation. A strong security plan for ICS must be tailored to address their specific vulnerabilities and operational requirements. This involves understanding each organization's unique configurations, protocols, and legacy systems which characterize their ICS environments. Regular assessments, continuous monitoring, and customized security measures are critical to maintaining a healthy security posture. #ICS #industrial #security #cybersecurity

This man is about to change the whole meaning of "botnet", because those bots are getting hacked. 😅 Listen, we all want a cheap robot that folds laundry as much as the next person, but can you imagine the carnage? Cyber attacks are bad enough already, but now we have to deal with someone who's amassed a swarm of chore-bots? Nope. Let's practice basic #cybersecurity first. #botnet A network of infected computers that are controlled by a single entity, often without the knowledge of the computers' owners.

🚨 Data Breach: Kaiser Permanente® On October 25, 2023, Kaiser Permanente identified a privacy incident where certain online trackers (cookies/pixels) on their websites and apps transmitted personal info to third-party vendors Google, Microsoft Bing, and X (Twitter). Although no sensitive information like Social Security numbers or financial details were involved, it's a reminder of the importance of cybersecurity. At OccamSec, we serve companies in need of proven cybersecurity measures, and we have the proof with our Fortune 100 clients. With industry-standard accreditation, we can help you stay vigilant and protect customer data. Drop us a line, and let us help you enhance your security posture. https://lnkd.in/guGK3qax #CyberSecurity #DataBreach #Privacy #KaiserPermanente #OSec

🚨 Supply chain attacks are on the rise, threatening businesses of all sizes. Basic cybersecurity measures are essential to mitigate these risks. Here are key steps to enhance your defense: - Improve Network Visibility: Know what's happening within your network. - Regular Penetration Testing: Identify and fix vulnerabilities before they can be exploited. - Employee Training: Ensure everyone understands cybersecurity best practices. By implementing these strategies, you can better protect your business from potential supply chain threats. Stay proactive and secure! #CyberSecurity #SupplyChainSecurity #DataProtection

🚀 Exciting News from OccamSec! 🚀 We're thrilled to share that our very own Senior Security Engineer, Ivano Bianco, recently attended and spoke at the IoD-hosted event in Glasgow: Digital Transformation: People-Driven, Tech-Powered. Ivano brought his extensive expertise in offensive security and IT infrastructure to the event, sharing valuable insights on how businesses can navigate the complexities of today's digital landscape while ensuring compliance and security. The event comes at a pivotal time, with the next general election on the horizon and the recent spring budget indicating a potentially turbulent year ahead. However, the evening was filled with optimism, actionable strategies for growth, and of course some good brews!

 We are proud to have Ivano representing OccamSec at such a significant event, contributing to the ongoing conversation about digital transformation and cybersecurity. Stay tuned for more updates from our team as we continue to drive innovation and security in the digital age! #CyberSecurity #OffensiveSecurity #IoD #OccamSec

Let's Protect Our Water Systems! The EPA's latest alert on cyberattacks against community water systems shows that basic scanning isn't enough. Work with us. We know the unique risks and EPA requirements for water utilities, and we've already got experience with securing critical infrastructure: 🔹 Purple Teaming 🔹 Red Teaming 🔹 Penetration Testing 🔹 Continuous Monitoring Secure smarter, not harder, with OccamSec. https://lnkd.in/eN_iC-Tu #Cybersecurity #WaterSafety #EPA #PenTesting #PurpleTeam #RedTeam #ContinuousMonitoring

🚨 Attention developers! 🐍 A recent supply chain attack on a Python package revealed a critical red flag. While the legitimate "requests" library logo has a file size of ~300 kB, the malicious "requests-darwin-lite" package contains a logo file of 17 MB! 📈 This significant size difference is a glaring anomaly that should raise immediate suspicion when incorporating dependencies. At OccamSec, we're committed to helping you fortify your defenses against evolving supply chain threats. Let's work together to build your company's #SupplyChainSecurity solution. #CyberSecurity #OccamSec https://lnkd.in/d6KZjXDd