Get in Touch Close Menu
PCI DSS: Understanding Payment Card Industry Standards
28 April 2023

Electronic payments have changed dramatically over the past few decades, with payment card transactions becoming integral to our daily lives. However, with the convenience of payment cards comes the increased risk of cyber threats and data breaches. Threat actors often find new ways to access sensitive payment card data, and businesses of all sizes are […]

find out more
Guide to Apache Log4j CVE 2021 44228 Vulnerability
29 March 2023

With cybersecurity threats becoming increasingly common and sophisticated over the years, you may be using software vulnerable to CVE 2021 44228 without ever realising it. Most people usually give little thought to installing security updates and patches on their computers and other devices. After all, installation of these security updates might take a while. In […]

Find out more
What Is Patch Management? (Process and Best Practices)
22 March 2023

In today’s world, technology has become a vital part of every organisation, regardless of its size or industry. With this technology comes the risk of vulnerabilities that cybercriminals can exploit to steal sensitive information, disrupt business operations, and cause financial losses. Patch management is a crucial part of any cybersecurity strategy that minimises these risks […]

Find out more
Difference Between Legacy AntiVirus and EDR | Sapphire
13 December 2022

For protecting endpoints such as workstations and servers, antivirus protection has been the traditional go-to. However, with Endpoint Protection and Response (EDR), next-generation protection is available to organisations.

Find out more
Threat Intelligence on Recent Cyberattack by CL0P Ransomware Group   
24 August 2022

The CL0P ransomware group claimed responsibility for the attack on UK-based utility provider South Staffordshire Water. However, they have said there is no impact on the water supply or drinking water safety. 

On its extortion website, CL0P uploaded a vast collection of stolen papers. These included passport scans, spreadsheets with administrator passwords, drivers’ licences, and, concerningly, screenshots of administration interfaces of wastewater treatment systems.  

Find out more
CRING RANSOMWARE
22 April 2022

What is CRING ransomware? In April 2021, Sapphire’s threat intelligence resources identified a sophisticated ransomware campaign utilising the Cring malware and leveraging vulnerability (CVE-2018-13379), identified in 2019, affecting Fortinet VPN Servers.  The cring ransomware attack allowed a threat actor to connect to the VPN appliance without authentication and download session files containing usernames and passwords […]

Find out more
ISO/IEC 27002: Revised Standard
17 February 2022

In November 2021, we published a blog post about the virtues of ISO27001 certification, ‘ISO27001 Certification: Now is the Time to Consider the Benefits’. Now with the publication of the ISO27002 controls, the changes are a great step forward for many organisations, and the reasons are outlined below…

Find out more
Cyber essentials certification updates
2 February 2022

On January 24th 2022, the NCSC (National Cyber Security Centre) and IASME implemented an updated set of requirements for Cyber Essentials.  This update is the most significant overhaul of the scheme’s technical controls since it launched in 2014. The change comes in response to the cybersecurity challenges organisations have faced in the last seven years to ensure the […]

Find out more
ISO 27001 Certification: Now is the Time to Consider the Benefits
19 November 2021

ISO 27001 is a standard set out by the International Standards Organisation that helps your organisation to manage the security of your information assets (electronic/paper, reputational, applications, infrastructure, third parties, etc.). Additionally, the certification helps organisations formulate an Information Security Management System (ISMS) to mitigate the growing number of information and cyber attacks.

Find out more
What does the OWASP 10 mean?
18 November 2021

OWASP selected eight of the ten categories from contributed data and two categories from the Top 10 community survey at a high level. AppSec (Application security) researchers attempt to find new vulnerabilities and new ways to test for them. Because of the nature of the testing, it takes time to integrate these tests into tools and processes.

Find out more
Zero Trust: Agility in Authentication
3 November 2021

During the worst of the covid crisis, organisations implemented many security strategies to deal with the new way of working in the short term. Therefore, they executed them as one-off projects to cover all bases. However, after covid lockdowns, organisations have found a need for long-term strategies for cyber security.   

Find out more
What makes a Good Incident Response Team?
19 October 2021

A cybersecurity incident response team (also known as CSIRT) is a team of cybersecurity experts available to deal with an incident occurring in an organisation. The team can be either internal or external, this depends on the nature of the incident and whether the team is equipped to deal with it effectively.  

Find out more