Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Pentest People Achieves CREST CSIR Accreditation for Incident Response Services

The CREST Cyber Security Incident Response (CSIR) accreditation is an esteemed certification designed to assure that an organisation has the necessary processes, skills, and capabilities to support clients in mitigating, responding to, and recovering from cyber incidents. CREST, a globally recognised accreditation body, sets the benchmark for high standards in cyber security, ensuring that accredited companies deliver excellence in every facet of cyber response services.

3 ways real companies complete security questionnaires faster

Security reviews are a critical step in the buying process where prospects assess your organization’s security posture and evaluate the risks associated with your business. The process typically occurs just before a deal is signed and sealed—when the stakes are especially high. ‍ Anyone who’s been involved in a security review before knows all too well how time-consuming, clunky, and manual the process can be.

Ekran System Is Now Syteca

We’re excited to announce that at long last, our highly anticipated brand refresh is complete: Ekran System Inc. is now officially Syteca Inc.! Our new name reflects the evolution of our product and our growth as a trusted provider, delivering the capabilities needed to enhance your organization’s cybersecurity. The same team behind Ekran System now brings you the Syteca platform: a more powerful and flexible software solution to meet your unique cybersecurity needs.

Enhancing Detection Fidelity: Fight Alert Fatigue with Accurate and Reliable Detections

In today's rapidly evolving cybersecurity landscape, the importance of detection fidelity cannot be overstated. Security operations center (SOC) teams are overwhelmed by the sheer volume and complexity of alerts and challenged to differentiate genuine threats from false positives.

Beyond Passwords: Advanced API Authentication Strategies for Enhanced Security

Passwordless authentication for end users is taking the world by storm, offering organizations and individuals alike unprecedented security, user experience, and efficiency benefits. By all indications, the next generation of authentication for end users has finally arrived, sending the password the way of the dodo. Although they don’t get anywhere near the same hype, advanced authentication strategies for APIs are as critical as passwordless authentication for end-users.

Creating noise: The emerging obfuscation technique designed to evade email security NLP detection capabilities

Our Threat Intelligence team has observed an emerging obfuscation technique, specifically used to make Natural Language Processing (NLP) detection capabilities less effective. Broadly, malicious actors are adding additional characters, break lines, and legitimate links to the end of a phishing email in an attempt to disguise their malicious payloads amongst the noise and evade NLP detection.

New Bumblebee Loader Infection Chain Signals Possible Resurgence

Bumblebee is a highly sophisticated downloader malware cybercriminals use to gain access to corporate networks and deliver other payloads such as Cobalt Strike beacons and ransomware. The Google Threat Analysis Group first discovered the malware in March 2022 and named it Bumblebee based on a User-Agent string it used. The Netskope Threat Labs team discovered what seems to be a new infection chain leading to Bumblebee malware infection, and our findings corroborate those shared by other researchers.

Securing Continuous Integration and Delivery Pipelines

Modern software development teams will have individual preferences about whether to use IDEs or which testing framework or coding convention to adopt. However, for teams that want to deliver high-quality software at a rapid pace, continuous integration and continuous delivery (CI/CD) is a must-have. Mature, high-performing dev teams lean heavily on their CI/CD pipeline. Because of this heavy dependence on CI/CD, ensuring the security of your CI/CD pipeline is incredibly important.

Streamlining Security Documentation for London SMEs

Security documentation is a huge concern for small and medium businesses in London due to the rapidly changing business environment. As these companies start doing more things online, security documentation is not an option but a dire need. With good security documentation, you will be able to protect all the vital information and compliance requirements. How can your business be managed effectively? Let's have a look at the essentials.