NCC Group 2021 Annual Research Report
We are proud to present our second Annual Research Report – summarising over 237 conference publications, technical blog posts, advisories, and tool releases published by our researchers between January 1 2021 and December 31 2021.
Formation flying: spotlight on aviation security
In our latest sector spotlight, we’ve teamed up with aviation security consultants 3DAssurance to look at cyber security for the aviation sector, revealing the need for a more holistic approach from all operational arms of the sector in order to effectively manage security risk in this period of rapid digitalisation and beyond.
Are vaccine passports giving a free pass to COVID-19 rule breakers?
We’ve been researching digital vaccine credential systems to gauge the extent to which user privacy is affected, and the degree of trust that users should place on these systems.
GPS S.O.S: Making GPS technology safer
GPS tracking is now a part of our daily life - in our smartwatches, smartphones, pet trackers, vehicles satellite navigation and more. But what are the risks? Anna Reedman, security consultant, explores this.
Are dash cam users en-route to security risks?
We rely on dash cams to continuously record events that happen on the road, and to provide evidence in the event of road traffic incidents or accidents. But can we trust them to keep our data safe and secure? In our latest research with Which?, we put nine devices to the test and uncovered a number of issues.
Honeypot research reveals the connected life might not be so sweet
Smart TVs, fridges, toothbrushes, heating, plugs, cameras, kettles – these are just a few of the connected devices that have made their way into our homes. But what are the security implications of introducing more of these smart devices into our homes? Our latest research with Which? and the Global Cyber Alliance delves into this.
Research update: RM3 – Curiosities of the wildest banking malware
Recently, our Research and Intelligence Fusion Team (RIFT) published research findings on RM3, an advanced variant of the banking malware family known as Gozi, and uncovered Oceania as the top target for threat actor groups.
NCC Group Q1 Threat Report Update: Exploits publicly available for 29% of critical vulnerabilities discovered
Our threat intelligence from Q1 of this year revealed that, of the more than 4,400 vulnerabilities that were disclosed* between January and March 2021, 72% had no patches available.
New whitepaper: how can digital footprints make us vulnerable to cyber crime?
In this post, we speak to Matt Lewis, commercial research director at NCC Group, about our latest whitepaper which explores how our digital footprints can make us vulnerable to cyber crime.
UK government announces plans for new IoT security law
Today, the UK government's Department for Digital, Culture, Media and Sport (DCMS) has published its response to its call for evidence seeking feedback on proposals to regulate the cyber security of consumer smart products. Our global CTO, Ollie Whitehouse, responds to this announcement in this post.
NCC Group forges partnership with CybSafe to boost awareness of human cyber risk
NCC Group has partnered with cyber security and data analytics company, CybSafe, to drive awareness of human cyber risk, improve security habits and help decrease the number of people-related security incidents.
Research spotlight: Hardware and embedded systems
We recently published our annual research report – a look back at our work over the last year. In our follow up research spotlight series, we’re looking into some of the key areas in a little more detail – and in this instalment, we hear from Rob Wood, technical vice president at NCC Group, for more on our research into hardware and embedded systems.
Organisations to boost post-COVID resilience by increasing cyber budgets
New research from NCC Group reveals the challenges and spending priorities for 500 cyber security decision makers from a range of organisations in the wake of the coronavirus pandemic.
Online Casino Roulette: spinning the wheel of misfortune
In our latest research, we turn our attention to the online roulette industry with a useful guide for those who build, maintain and test online roulette systems, detailing different types of online roulette, their potential vulnerabilities and the ways to detect them.
NCC Group joins forces with industry leaders to improve security of open source software (OSS)
Today sees the launch of the Open Source Security Foundation (OpenSSF) – a new industry collaboration driven by dedicated technologists who share a desire to improve the security of OSS. NCC Group is proud to be a founding member of the OpenSSF and to be playing an integral role in driving the foundation's mission forward.
Lights, camera, what about security?
Nearly two weeks ago, we released a technical advisory detailing how the TP-Link C200 IP camera could be exposed to the infamous Heartbleed bug. Today, Dale Pavey has released a full blog which delves into discoveries he made while assessing the security of popular Internet Protocol (IP) cameras.
Introducing Generation Cyber: making cyber security accessible for all
At NCC Group we are passionate about shaping a more sustainable future for cyber security and this month, we’re excited to launch our Generation Cyber campaign, which will focus on how cyber security knowledge can be made accessible for all generations.
On the Road to Zero Trust in Transport: Introducing Automotive Ethernet
As part of our Always On, Always Here campaign, Security Consultant, Liz James, explains how Automotive Ethernet can make connected vehicles safer and more secure by providing opportunities for zero trust.
Securing the next frontier in space technology in collaboration with the University of Surrey
In a review of over 70 past satellite security incidents, experts at the University of Surrey and NCC Group have revealed significant cyber security risks to future satellite control and communication systems.
Seeing is believing – or is it? NCC Group collaborates with UCL on deepfake research
Over the past few months, we’ve been working with University College London (UCL) students on deepfakes, to explore what the implications are for fakery in the context of cyber security. You can now read the full report here.