On the 27th January 2015, a vulnerability affecting the GetHost functions within the GNU C Library ‘glibc’ was publicly disclosed. The vulnerability has been named GHOST, and is thought to be comparable to both Heartbleed and ShellShock in terms of potential impact.
Richard Hibbert – SureCloud CEO
With IT Security standards increasing, automation is key to sustaining compliance. Learn how to fast track process implementation and reduce reliance on spreadsheets.
Latest News & Press
Read SureCloud’s most recent news coverage and press releases
SureCloud's Toby Scott-Jackson, adept at delivering vulnerability testing in call centres throughout his career in information security, lists eight key vulnerabilities to be wary of – some old, some new. An oversight in any of them will leave a call centre vulnerable, which poses a significant barrier to achieving and maintaining PCI compliance.
Extract from the Institute of Risk Management’s Extended Enterprise study advances benefits of moving from supplier assessment to supplier risk management
Richard Hibbert's article proposes a new approach to compliance management, one that raises its profile as a discipline and delivers tangible benefits to the organisation rather than being a tick-box obligation. The article outlines that compliance needs to evolve in three ways: become control-centric, continuous and collaborative.
Read the full article entitled Thinking Beyond Tick-Box Compliance.
On the 18th November 2014, Microsoft published information relating to a vulnerability that exists within all versions of Windows, and Windows Server operating systems. The vulnerability lies within the Kerberos Key Distribution Center (KDC) in Microsoft Windows.
The vulnerability itself could allow an attacker to escalate their privileges from that of a Domain User to those of a Domain Admin. The Domain Admin would then have full control of the Windows Domain from this point.
On the 11th November 2014, Microsoft revealed the existence of a critical vulnerability residing in all versions of their flagship operating system since Windows 95. The vulnerability lies within the Microsoft Secure Channel (SChannel) Security Support Provider (SSP) component...
In terms of SSL-related vulnerabilities, we’ve been through some serious threats like BEAST, CRIME, HEARTBLEED, and now… POODLE. POODLE is a newly discovered attack against the 15-year-old, but extremely common, SSL version 3 protocol. It’s not as cute as it sounds.
A new vulnerability was discovered earlier this week by security researcher Stephane Chazelas and is breaking across various news and security-related sites. It has been assigned CVE identifier CVE-2014-6271 and affects all *nix (Unix and Linux) distributions using GNU Bash through to version 4.3.
Patches have been released this week for six newly discovered OpenSSL vulnerabilities, one of which (CVE-2014-0224) allows an attacker who has gained access to SSL traffic to decrypt communications. The attack requires vulnerable versions of both client and server software to be in use and will not work if just the client or server is vulnerable.
There has been a great deal of media attention concerning the ‘Gameover ZeuS & Cryptolocker’ threats this week, particularly since the NCA Announcement on Monday, 2nd June 2014. A handful of SureCloud clients and partners have been in contact with us for expert guidance and recommendations to help mitigate the threat. Why is this different from any other attack?
SureCloud®, a supplier of Cloud-based Governance, Risk and Compliance (GRC) solutions, today announced its agile GRC SaaS platform. The SureCloud Platform differs from other solutions by giving organisations immediate visibility of the status and greater overall control of their risk and compliance programmes.
SureCloud®, a supplier of Cloud-based Governance, Risk and Compliance (GRC) solutions, today announced it has been named as a finalist in the 2014 Pathfinder 20 Index of top emerging UK technology companies. Additionally, SureCloud is included in Pathfinder 20’s top 20 Index.
The Heartbleed OpenSSL Vulnerability (CVE-2014-0160) was released on April 7th 2014.
What is Heartbleed?
Heartbleed is a vulnerability (bug) within the Heartbeat extension for the popular OpenSSL package, which is compiled in by default within a number of Unix/Linux distributions. The vulnerability affects a component of this extension and, if successfully exploited, can reveal data in memory on the target host. This could include sensitive private keys and/or sensitive information such as user passwords or other data in a decrypted state.