Latest news

Webinar: Breaking Free From the Hamster Wheel of Third-Party Risk Management

Webinar: Breaking Free From the Hamster Wheel of Third-Party Risk Management

Editor’s note: Looking to get more out of your Third Party Risk Management Program? Be sure to register for our upcoming webinar, “Breaking Free From the Hamster Wheel of Third-Party Risk Management”.

Shutterstock: Royalty-free stock vector ID: 558060373
Shutterstock: Royalty-free stock vector ID: 558060373

NCC Group providing ongoing threat intelligence on F5 Networks vulnerability

​Last week, a new vulnerability which could allow remote compromise of F5 Networks BIG-IP networking devices was disclosed. In the days following the initial disclosure, NCC Group’s Research Intelligence Fusion Team (RIFT) has closely monitored the vulnerability – setting up a honeypot to learn more about the behavior of threat actors.

New whitepaper: How to make threat actors work harder and fail more often

New whitepaper: How to make threat actors work harder and fail more often

We’ve published a new whitepaper to help organisations build their resilience against cyber attacks, based on insights from our Red Team engagements across the globe.

Security Surgery with Matt Lewis Part One: Smart Cities

Security Surgery with Matt Lewis Part One: Smart Cities

In this four-part series, Matt Lewis, Research Director, explains how the work we do shapes and secures our society in ways that you might not be aware of. Today, we’re focusing on the biggest threats to smart cities and best practices for city planners. Watch the video or read the Q&A and get in touch if you want to find out more.

Shutterstock: Royalty-free stock vector ID: 1188428611
Shutterstock: Royalty-free stock vector ID: 1188428611

Risk vs cost: cyber in the face of economic uncertainty

As the Covid recession starts to bite, many organisations will be looking at ways to reduce their costs. Cyber security, beyond pure compliance activities, can often be seen by CFOs as purely a cost, making it a prime candidate for the review and ultimate reduction or removal. But recent research by Portsmouth University in the UK has shown that as GDP falls, criminal activity, including fraud, ri

Royalty-free stock illustration ID: 1286584996
Royalty-free stock illustration ID: 1286584996

APRA’s CPS 234 and Supply Chain Compliance: FAQs

In June 2020, we hosted a webinar on APRA’s CPS 234 Information Security Standard (“CPS 234”), addressing supply chain risk management and compliance, as well as how to apply for the deadline extension. We have provided responses below to the questions asked by attendees on CPS 234 compliance and the process for ensuring that supply chain risk is managed effectively.

Upcoming events

Join us on July 22, 2020 11:00 AM - 12:00 PM CDT for our latest webinar "Incident Response - Fail to Prepare, Prepare to Fail". Sign up using the link above or by visiting the link here: https://nccgroupus.lpages.co/irwebinar072220/.
Join us on July 22, 2020 11:00 AM - 12:00 PM CDT for our latest webinar "Incident Response - Fail to Prepare, Prepare to Fail". Sign up using the link above or by visiting the link here: https://nccgroupus.lpages.co/irwebinar072220/.

WEBINAR: Incident Response - Fail to Prepare, Prepare to Fail

Event date 22 July 2020 16:00 – 17:00

Location Online: https://nccgroupus.lpages.co/irwebinar072220/

Shutterstock: ID: 46430284
Shutterstock: ID: 46430284

Mastering container security training course - Las Vegas

Event date 01 August 2020 - 04 August 2020

Location BlackHat USA, Las Vegas

Be sure to check out NCC Group's very own Rory McClune and Chris Nevin at Black Hat 2020.
Be sure to check out NCC Group's very own Rory McClune and Chris Nevin at Black Hat 2020.

VIRTUAL: Black Hat 2020

Event date 03 August 2020 - 06 August 2020

Location Black Hat USA 2020 - VIRTUAL

Join BrightTalk on September 1 at 9:00 AM to learn "What you need to know about CMMC". NCC Group's very own Jeff Roth and Justin Orcutt will be presenting.
Join BrightTalk on September 1 at 9:00 AM to learn "What you need to know about CMMC". NCC Group's very own Jeff Roth and Justin Orcutt will be presenting.

WEBINAR: What you need to know about CMMC | Hosted by BrightTalk

Event date 01 September 2020

Location WEBINAR: https://www.brighttalk.com/webcast/18108/416050

Join BrightTalk on November 10 at 9:00 AM to learn "Privacy Certifications & What You Need to Know". NCC Group's very own Joe Meyer and Justin Orcutt will be presenting.
Join BrightTalk on November 10 at 9:00 AM to learn "Privacy Certifications & What You Need to Know". NCC Group's very own Joe Meyer and Justin Orcutt will be presenting.

WEBINAR: Privacy Certifications & What You Need to Know | Hosted by BrightTalk

Event date 10 November 2020

Location WEBINAR: ​https://www.brighttalk.com/webcast/18108/419542

Social media

RT @NCCsecurityUS: Pairing over BLS12-381, Part 2: Curves. Check out the second part of a 3 part series taking a detailed look at code for…

@NCCGroupInfoSec

On CVE-2020-5902 (K52145254) we've observed actors deploying xmr miners and increasingly complex payloads. Also ha… https://t.co/CekSHfs1m2

@NCCGroupInfoSec

This is the second of three code-centric blog posts on pairing based cryptography. The first post [1] covered modular arithmetic, finite fields, the embedding degree, and presented an implementation of a 12-degree prime extension field tower. The series will ultimately conclude with a detailed review of the popular BLS12-381 pairing operations found in a variety … Continue reading Pairing over BLS12-381, Part 2: Curves →

Pairing over BLS12-381, Part 2: Curves

RT @techUK: Listen to our latest podcast exploring the cyber security landscape, with fantastic guests from @RUSI_org @NCCGroupplc @macemen…

@NCCGroupInfoSec

Security Surgery Part Two: A day in the life From working remotely to smart TVs and critical national infrastruct… https://t.co/eVgNustCod

@NCCGroupplc

CVE-2020-5902 was disclosed on July 1st, 2020 by F5 Networks in K52145254 as a CVSS 10.0 remote code execution vulnerability in the Big-IP administrative interface. This blog looks at the root causes of both the exploit paths discovered which boil down to subtle configuration issues and differences in behavior between Apache httpd and Apache Tomcat when dealing with an uncommon URI element called matrix (or path) parameters.

Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902

Citrix disclosed on July 7th, 2020 a number of vulnerabilities in the Application Delivery Controller. This blog is a summary of what we know as the situation develops.

RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence

You can follow the latest updates from our Research Intelligence Fusion Team on a new vulnerability in F5 Networks… https://t.co/BuxDXjYvBL

@NCCGroupplc
Wishing all our colleagues and customers a happy and safe 4th of July https://t.co/XuQvb59DEP

Wishing all our colleagues and customers a happy and safe 4th of July https://t.co/XuQvb59DEP

@NCCGroupplc

Press contacts

NCC Group Press Office

NCC Group Press Office

Press contact +44 7824 412 405
NCC Group - Financial Media Enquiries

NCC Group - Financial Media Enquiries

Press contact Maitland AMO +44 (0)20 7379 5151
Regional Press Office - North America

Regional Press Office - North America

Press contact +1 408 776 1400

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks your organization and customers are exposed to is more important than ever.

Understanding the impact and what you can do to make your organization more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate and respond to the risks they face.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom