Latest news

Shutterstock image: 1798108846

So you want to work in cyber security?

There are many different types of jobs in cyber security. In this blog, Sourya Biswas, Technical Director here at NCC Group, gives some pointers for the different areas people may want to consider when thinking of a career in cyber security.

Digital Operational Resilience Act (DORA) Royalty free stock vector ID: 1942670248

Digital Operational Resilience Act (DORA) – 5 key challenges to prepare for

The EU’s Digital Operational Resilience Act (DORA) is expected to come into effect in 2023. DORA aims to simplify and update the rules on ICT risk management in the face of rapid technology adoption. Here we take a look at the key challenges organisations will face in order to comply.

Geometric illustration of oil and gas pipeline. Royalty-free stock vector ID: 1606949662.

News spotlight: Oil and gas pipelines a target for hackers – part one

Last week saw substantial cyber security developments for the oil and gas industries in the US. In the first of two articles, Damon Small, technical director at NCC group reacts to an advisory released by the CISA and FBI on a spear phishing and intrusion campaign carried out on 23 US oil and natural gas pipeline operators between 2011 to 2013 by Chinese state-sponsored hackers.

Executive Analysis: How to effectively respond to a ransomware attack in four key steps, Lloyd Brough, Technical Director, NCC Group.

Executive Analysis: How to effectively respond to a ransomware attack in four key steps

In the latest issue of Insight Space, Lloyd Brough explains how to effectively respond to a ransomware attack in four key steps.

Virtual event: is ransomware an exponential threat to society?

Virtual event playback: Is ransomware an exponential threat to society?

In our latest Big Three virtual event, Quentyn Taylor, Director of Information Security at Canon Europe, Keith McDevitt, Cyber Security Integrator at the Scottish Government and Katharina Sommer, Head of Public Affairs at NCC Group, joined Ade Clewlow, Senior Advisor at NCC Group to discuss the exponential threat of ransomware.

Microsoft Exchange: analysing the geopolitics

Microsoft Exchange: analysing the geopolitics

Christo Butcher, global lead for threat intelligence at NCC Group and Fox-IT, outlines the motivations behind the Microsoft Exchange attack and analyses the significance of Western authorities’ accusation of China as responsible.

Upcoming events

(WEBINAR) Whitebox pentesting: A faster, more accurate pentest for the enterprise

(WEBINAR) Whitebox pentesting: A faster, more accurate pentest for the enterprise

Event date 19 February 2021 – 19 August 2021

Don't miss NCC Group's very own presenting the Bad Active Directory (BAD) training at BlackHat on the 31st of July - 1st of August or from the 2nd - 3rd of August 2021!

BlackHat - Bad Active Directory (BAD) Training | NCC Group's Dhruv Verma, Michael Roberts, Xiang Wen Kuan

Event date 31 July 2021 – 3 August 2021

Location BlackHat

Photo by Joshua Reddekopp on Unsplash

Black Hat USA 2021 – Secure Coding training

Event date 31 July 2021 09:00 – 18:00

Location Black Hat

Social media

We’re spotlighting some of our new Technical Security Interns who we welcomed to NCC Group recently. We chatted to Allena about what she’s been getting up to and what she’s hoping to get out of her time here. #SwipeForMore And if you missed our last post with Sam, another of our new interns, you can view it a little further down our profile. #Welcome #WeAreNCCGroup #CyberSecurity #StartYourJourney #StepIntoCyber #EthicalHacking #WebApplicationSecurity #CyberFirst

We’re spotlighting some of our new Technical Security Interns who we welcomed to NCC Group recently. We chatted to Allena about what she’s been getting up to and what she’s hoping to get out of her time here. #SwipeForMore And if you missed our last post with Sam, another of our new interns, you can view it a little further down our profile. #Welcome #WeAreNCCGroup #CyberSecurity #StartYourJourney #StepIntoCyber #EthicalHacking #WebApplicationSecurity #CyberFirst

lifeatnccgroup

In our latest ‘Spotlight on’ regulations piece we take a look at the latest version of the Monetary Authority of Singapore’s (MAS) Technology Risk Management (TRM) guidelines, published earlier this year and what they mean for financial institutions https://t.co/L4xd6j2e4N

@NCCGroupplc

News spotlight: pipelines are a target for hackers. Hear @damonsmall's view on recent cyber security developments in the oil and gas industries, including an advisory issued by the CISA and the FBI here https://t.co/PPqVgwdzaQ

@NCCGroupplc
Today we have not one, not two, but three pets of the week! This grey trio, Bixby, Zeus, and Elliot, are complete mama’s boys. Bixby is the known troublemaker, Zeus is the gentle giant and lovebug, and Elliot is a total sweetie. Although only two of them are from the same litter, they were adopted all together and are the cutest little team. They bring joy and plenty of noise to Tara’s house, but she couldn’t imagine life without them! #NCCPetOfTheWeek #WorkingFromHomePurrks #YepThePunsAreBack #NotSorry #CatsOfInstagram 🐱

Today we have not one, not two, but three pets of the week! This grey trio, Bixby, Zeus, and Elliot, are complete mama’s boys. Bixby is the known troublemaker, Zeus is the gentle giant and lovebug, and Elliot is a total sweetie. Although only two of them are from the same litter, they were adopted all together and are the cutest little team. They bring joy and plenty of noise to Tara’s house, but she couldn’t imagine life without them! #NCCPetOfTheWeek #WorkingFromHomePurrks #YepThePunsAreBack #NotSorry #CatsOfInstagram 🐱

lifeatnccgroup

In the latest issue of Insight Space, Lloyd Brough, Technical Director, explains how to effectively respond to a #ransomware attack in four key steps. Find out more here https://t.co/ln0WWIKRgI

@NCCGroupplc
Have you been keeping up with our #NCCDiamonds? We've been featuring the global winners of our colleague recognition awards on Instagram. Find out more at https://t.co/ndCRKofbWL https://t.co/7YFyzxKm2y

Have you been keeping up with our #NCCDiamonds? We've been featuring the global winners of our colleague recognition awards on Instagram. Find out more at https://t.co/ndCRKofbWL https://t.co/7YFyzxKm2y

@NCCGroupplc

Summary Sunhillo is an industry leader in surveillance data distribution. The Sunhillo SureLine application contained an unauthenticated operating system (OS) command injection vulnerability that allowed an attacker to execute arbitrary commands with root privileges. This would have allowed for a threat actor to establish an interactive channel, effectively taking control of the target system. Impact … Continue reading Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380) →

Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)
Today’s #NCCDiamond is Sourya Biswas, who was chosen by CEO Adam Palser as the recipient of the CEO Choice Award. Nominated by a significant number of colleagues for a number of different reasons, it’s clear that Sourya’s impact is felt across NCC Group. He’s known for delighting customers through brilliantly creative solutions to problems and providing invaluable expert insight. Providing support and guidance for colleagues by going out of his way to write guides on technical processes, he also encourages them to be the best they can be through thoughtful feedback. And his numerous speaking engagements and publications demonstrate his great knowledge and provide exciting new opportunities to engage with customers and prospects. #NCCDiamonds #ColleagueAppreciation #CEOChoice #WeAreNCCGroup 💎

Today’s #NCCDiamond is Sourya Biswas, who was chosen by CEO Adam Palser as the recipient of the CEO Choice Award. Nominated by a significant number of colleagues for a number of different reasons, it’s clear that Sourya’s impact is felt across NCC Group. He’s known for delighting customers through brilliantly creative solutions to problems and providing invaluable expert insight. Providing support and guidance for colleagues by going out of his way to write guides on technical processes, he also encourages them to be the best they can be through thoughtful feedback. And his numerous speaking engagements and publications demonstrate his great knowledge and provide exciting new opportunities to engage with customers and prospects. #NCCDiamonds #ColleagueAppreciation #CEOChoice #WeAreNCCGroup 💎

lifeatnccgroup

Background For some time there has been a growing movement amongst consumers who wish to repair their own devices in a cost effective manner, motivated to reduce their expenses, and reduce e-waste. This is becoming ever more difficult to achieve as devices reach ever higher levels of complexity, and include more electronics and firmware. The … Continue reading Practical Considerations of Right-to-Repair Legislation →

Practical Considerations of Right-to-Repair Legislation
We want to say a massive welcome to our new Technical Security Interns, who started with us recently! Starting a new role remotely can be pretty daunting, especially an internship, and we checked in with some of our new interns to see how they’re settling in. We spoke to Sam, who shared what they have been enjoying about their time at NCC Group so far. #SwipeForMore #Welcome! #WeAreNCCGroup #CyberSecurity #StartYourJourney #EthicalHacking #CaptureTheFlag #CyberDiscoveryProgramme #PowerShell

We want to say a massive welcome to our new Technical Security Interns, who started with us recently! Starting a new role remotely can be pretty daunting, especially an internship, and we checked in with some of our new interns to see how they’re settling in. We spoke to Sam, who shared what they have been enjoying about their time at NCC Group so far. #SwipeForMore #Welcome! #WeAreNCCGroup #CyberSecurity #StartYourJourney #EthicalHacking #CaptureTheFlag #CyberDiscoveryProgramme #PowerShell

lifeatnccgroup

Summary ICTFax is fax to email software maintained by ICTInnovations. In version 7-4 of this product, available through the CentOS software repository, an indirect object reference allows a user of any privilege level to change the password of any other user within the application – including administrators.  Impact Successful exploitation of this vulnerability can allow … Continue reading Technical Advisory – ICTFAX 7-4 – Indirect Object Reference →

Technical Advisory – ICTFAX 7-4 – Indirect Object Reference

Summary Nagios Log Server is a Centralized Log Management, Monitoring, and Analysis software that allows organizations to monitor, manage, visualize, archive, analyse, and alert on all of their log data. Version 2.1.8 of the application was found to be vulnerable to Stored and Reflected XSS. This occurs when malicious JavaScript or HTML code entered as … Continue reading Technical Advisory: Stored and Reflected XSS Vulnerability in Nagios Log Server (CVE-2021-35478,CVE-2021-35479) →

Technical Advisory: Stored and Reflected XSS Vulnerability in Nagios Log Server (CVE-2021-35478,CVE-2021-35479)

Press contacts

NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7824 412 405
NCC Group - Financial Media Enquiries

NCC Group - Financial Media Enquiries

Press contact Maitland AMO Financial Results Media Enquiries +44 (0)20 7379 5151
Regional Press Office - North America

Regional Press Office - North America

Press contact +1 408 776 1400

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom
NCC Group customer website
NCC Group corporate website
NCC Group Cyberstore