December Security Report

Information Security Report – December 2017

Over the past month, we have seen a number of threats, vulnerabilities, and spear phishing attacks affecting organisations worldwide. Read on for a summary of these events to help you assess their implication on your environment. Threats and Exploits Mailsploit Mailsploit Allows Spoofed Mails to Fool DMARC. Mailsploit is a collection of vulnerabilities in various […]

Vulnerability Management

How to set up the right Vulnerability Management processes

Managing your network vulnerabilities and identifying the right vulnerability management processes can be complex. Whilst finding and prioritising vulnerabilities are the responsibility of the security leader, the speed at which these vulnerabilities are remediated is dependent on other people in your organisation. System architects and administrators, IT managers and system owners all play a part […]

things you should know about ISO/IEC 27001

Ten things you should know about ISO/IEC 27001

1.    What is ISO 27001? ISO 27001 is an international standard for information security management. 2.    Why is ISO 27001 important to me? Information is the lifeblood of most contemporary organisations’. It provides intelligence, commercial advantage and future plans that drive success. Most Organisation store these highly prized information assets  electronically. Therefore, protection of these […]

What should I look for in a Threat Intelligence Solution?

This blog article is part of a series: Part 1 | Part 2 | Part 3 In this final article in this series, I provide some guidance on what to look for in a CTI solution. The four important questions when assessing CTI should be: How current is the Threat Intelligence Provided? How broad is […]

ASD Essential 8 Summary

ASD Essential 8 Summary

So you have mastered the ASD Top 4? What do you need to tame the Essential 8?  In this ASD Essential 8 Summary, we will answer: What has stayed the same? What has changed? What that means? What do I need to do to achieve this baseline standard? When do I need to complete it […]

Is Cyber Threat Intelligence worth investing in?

This blog article is part of a series: Part 1 | Part 2 | Part 3 In this blog article, I am seeking to address the question of whether CTI is worth investing in. Many vendors of Web Proxies, SIEM solutions, IPS, Firewall, UTM’s and email filtering technologies already provide a threat feed. The question […]

Cyber Threat Intelligence

What business problem does Cyber Threat Intelligence (promise to) solve?

This blog article is part of a series: Part 1 | Part 2 | Part 3 The cyber industry is certainly excited by CTI, and I don’t want to make any predictions on whether the excitement will blow over any time soon. The Threat Intelligence approach, does provide some hope, yes hope, of lessening a […]

What is Cyber Threat Intelligence?

What is Cyber Threat Intelligence? And when do you need it?

Cyber Threat Intelligence (CTI) appears to be one of the hot topics in information security at the moment. Almost every vendor as well as the open source community has their unique take on what is, and what is not important in the CTI arena. I have been asked a number of questions by clients and […]

Discovering Information Leakage In Files

Discovering information leakage in files

[NOTE: All information was gathered from public websites] Discovering information leakage in files and why it’s important? During the build-up to our recent product launch of “”, Shearwater Ethical Hacking team (SEH) conducted hefty amounts of research into phishing attacks, and how they are being used to compromise countless individuals, corporations and governments every day. […]