Latest news

NCC Group Monthly Threat Pulse – April 2023: Ransomware threat remains at high level

NCC Group Monthly Threat Pulse – April 2023: Ransomware threat remains at high level

The volume of ransomware attacks remained at record highs with 352 attacks in April, the second-highest month on record, according to the latest analysis from NCC Group’s Global Threat Intelligence team.

Implementation of post-quantum algorithm by Fox Crypto open source available

Implementation of post-quantum algorithm by Fox Crypto open source available

Fox Crypto, in close cooperation with the National Communication Security Agency (NL-NCSA), has implemented a production-ready post-quantum algorithm in C99 (programming language). The fact that this is open source means that developers and other interested parties have free access to the source materials, software and documentation.

UK Government publishes regulations that will enact the UK Product Security and Telecoms Infrastructure Act

UK Government publishes regulations that will enact the UK Product Security and Telecoms Infrastructure Act

Last week, the UK Government published the regulations that will enact the UK Product Security and Telecoms Infrastructure Act. Here, Head of Technology, Media and Telecoms, James Williams, shares his thoughts on the new legislative framework with a deadline of 29 April 2024 for compliance.

CYBERUK 2023 – Reflections on securing an open and resilient future through global cooperation

CYBERUK 2023 – Reflections on securing an open and resilient future through global cooperation

Last week, the UK Government’s flagship cyber security event, CYBERUK, organised by the National Cyber Security Centre (NCSC), took place in Belfast. In NCC Group’s eighth consecutive year sponsoring CYBERUK – this year as Technical Masterclass sponsors – we spoke to Global Head of Compliance Services, Duncan McDonald, and Public Sector Account Director, Craig Pollard for their key takeaways.

Diji Akinwale, Director of Strategy and Transformation

NCC Group appoints its first Strategy and Transformation Director

We are pleased to announce the appointment of Diji Akinwale to the role of Director of Strategy and Transformation with immediate effect.

NCC Group Monthly Threat Pulse – March 2023

NCC Group Monthly Threat Pulse – March 2023

March saw an unprecedented surge in ransomware attacks with 459 recorded, a 91% increase from February 2023.

Social media

Introduction We are going to walk through the process we took to reverse engineer parts of the Android game Coin Hunt World. Our goal was to identify methods and develop tooling to cheat at the game. Most of the post covers reverse engineering the game’s binary protocol and using that knowledge to create tooling for […]

Reverse Engineering Coin Hunt World’s Binary Protocol

Introduction Faronics Insight is a feature rich software platform which is deployed on premises in schools. The application enables teachers to administer, control and interact with student devices. The application contains numerous features, including allowing teachers to transfer files to/from students and remotely viewing the contents of student screens. Generally speaking, the architecture of the […]

Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353)

Code Query is a new, open source universal code security scanning tool. CQ scans code for security vulnerabilities and other items of interest to security-focussed code reviewers. It outputs text files containing references to issues found, into an output directory. These output files can then be reviewed, filtered by unix command line tools such as […]

Tool Release: Code Query (cq)

A common challenge technical teams (e.g. penetration testers) face is centralized deployment and pipelining execution of security tools. It is possible that at some point you have thought about customising several tools, buying their commercial licenses, and allowing a number of people to run the tools from AWS. The problem is that this means you […]

CowCloud

Cedric Halbronn and Alex Plaskett presented at OffensiveCon on the 19th of May 2023 on Exploit Engineering – Attacking the Linux kernel. Slides The slides for the talk can be downloaded below: libslub libslub can be downloaded from here. Abstract The abstract for the talk was as follows: Over the last year the Exploit Development […]

OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel

Code Credential Scanner is a new open source tool designed to detect hardcoded credentials, or credentials present in configuration files within a repository. These represent a serious security issue, and can be extremely hard to detect and manage. The tool is intended to be used directly by dev teams in a CI/CD pipeline, to manage […]

Tool Release: Code Credential Scanner (ccs)

In the following blog post, we explore how overfitting can affect Large Language Models (LLMs) in particular, since this technology is used in the most promising AI technologies we see today (chatGPT, LLaMa, Bard, etc). Furthermore, by exploring the likelihood of inferring data from the dataset, we will determine how much we can trust these […]

Exploring Overfitting Risks in Large Language Models

You may have heard of RSA (b. 1977), but have you heard of its cousin, Paillier (b. 1999)? In this post, we provide a close look at the Paillier homomorphic encryption scheme [Paillier1999], what it offers, how it’s used in complex protocols, and how to implement it securely. Contents RSA Encryption Refresher and Notation We’ll […]

The Paillier Cryptosystem with Applications to Threshold ECDSA

This blog post presents a whirlwind overview of Verifiable Random Functions (VRFs) as used by several leading-edge blockchains, and shows how a very interesting and recently found implementation oversight causes the VRF’s assurance of uniqueness to fall apart. As VRFs are commonly used for selecting blockchain consensus voting committees, this can result in a rigged […]

Rigging the Vote: Uniqueness in Verifiable Random Functions

Medical device security is gaining more attention for several reasons. The conversation often gets connected to device safety, that is, the degree to which the risk of patient harm is limited by preventing or controlling for device malfunction. Device security expands the scope of safety by supposing a malicious attacker is causing or exploiting the […]

Medical Devices: A Hardware Security Perspective
Cycle for Smart Works is NCC’s opportunity to help empower women for job success. For many women, getting a job is a lifeline. It is a chance to escape poverty, gain financial stability and restore confidence. This International Women’s Day, a number of colleagues from our UK offices have challenged themselves to cycle 100 miles each between 1 and 8 March to fundraise for the charity. We're looking forward to receiving their matched giving requests - good luck team! #GivingBack #SmartWorks #IWD #IWD2023

Cycle for Smart Works is NCC’s opportunity to help empower women for job success. For many women, getting a job is a lifeline. It is a chance to escape poverty, gain financial stability and restore confidence. This International Women’s Day, a number of colleagues from our UK offices have challenged themselves to cycle 100 miles each between 1 and 8 March to fundraise for the charity. We're looking forward to receiving their matched giving requests - good luck team! #GivingBack #SmartWorks #IWD #IWD2023

lifeatnccgroup
In this instalment of our #MySwitch2Cyber blog series, we sat down with Rob to hear about his journey from working in the Dutch military to ethical hacking, and now being Team Lead of the Service Delivery Management Team. Get the full story on our newsroom via the link in our bio. #WeAreNCCGroup #FoxIT #CyberCareers #BehindTheScreens #Cyber #Intelligence #OSINT #EthicalHacking #Blog

In this instalment of our #MySwitch2Cyber blog series, we sat down with Rob to hear about his journey from working in the Dutch military to ethical hacking, and now being Team Lead of the Service Delivery Management Team. Get the full story on our newsroom via the link in our bio. #WeAreNCCGroup #FoxIT #CyberCareers #BehindTheScreens #Cyber #Intelligence #OSINT #EthicalHacking #Blog

lifeatnccgroup

Contacts

NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7976234970
NCC Group - Financial Media Enquiries

NCC Group - Financial Media Enquiries

Press contact Maitland AMO Financial Results Media Enquiries +44 (0)20 7379 5151
Regional Press Office - North America

Regional Press Office - North America

Press contact +1 408 776 1400
Regional Press Office - Europe

Regional Press Office - Europe

Press contact +31 20 794 4737

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom
NCC Group customer website
NCC Group corporate website
NCC Group Cyberstore