NCC Group

💜𝗪𝗿𝗮𝗽𝗽𝗶𝗻𝗴 𝘂𝗽 𝗜𝗻𝘁𝗲𝗿𝗻𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗪𝗼𝗺𝗲𝗻'𝘀 𝗗𝗮𝘆 𝗖𝗲𝗹𝗲𝗯𝗿𝗮𝘁𝗶𝗼𝗻𝘀 𝗵𝗲𝗿𝗲 𝗮𝘁 𝗡𝗖𝗖 𝗚𝗿𝗼𝘂𝗽! 💜   This month has been a powerful reminder of the incredible strength, resilience, and achievements of women around the world.   From inspiring speakers to engaging workshops and conversations, we've celebrated the diverse contributions of women in our industry across all regions. Our collective efforts to promote gender equality, create an environment where everyone can thrive, backed by a commitment to #AccelerateAction has been inspiring.   A huge thank you to all of our colleagues and partners who participated, shared their stories, and supported our initiatives - as well as our Gender Steering Committee for being the driving force.   Here are some final words from colleagues across the Group on what #𝗔𝗰𝗰𝗲𝗹𝗲𝗿𝗮𝘁𝗲𝗔𝗰𝘁𝗶𝗼𝗻 means to them.   Let's continue to champion equality, break barriers, and create opportunities every day of the year.

🚨 𝗖𝗮𝘀𝗲 𝘀𝘁𝘂𝗱𝘆: 𝗦𝗮𝗳𝗲𝗣𝗮𝘆 𝗿𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲 𝗶𝗻𝗰𝗶𝗱𝗲𝗻𝘁    Weak passwords and a misconfigured firewall left one organisation exposed to a ransomware attack, investigated by our DFIR team at NCC Group. The attackers exploited a Fortigate VPN misconfiguration, escalated privileges via a weak domain admin account, and used SafePay ransomware to encrypt critical servers.    🛠️ 𝗞𝗲𝘆 𝗶𝗻𝗰𝗶𝗱𝗲𝗻𝘁 𝗵𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀:  ✅ Firewall misconfig allowed VPN login without MFA  ✅ QDoor backdoor deployed using process hollowing  ✅ Lateral movement via RDP & SMB shares  ✅ SafePay ransomware executed with anti-recovery tactics and ChaCha20 encryption  ✅ System-wide admin password reset by the attackers    💡 𝗟𝗲𝘀𝘀𝗼𝗻: Security fundamentals matter. Misconfigurations + weak passwords = easy wins for threat actors.    👉 Read the full technical breakdown by Molly D. here➡️ https://lnkd.in/eW-sreWm #incidentresponse #DFIR #ransomware #SafePay #credentialaccess #MITREATTACK #threatintel  

A very warm farewell to our friends and colleagues in Fox Crypto who today join CR Group!  The sale of Fox Crypto, announced on 1 August 2024 is now complete, marking an important milestone for NCC Group, Fox-IT and the departing specialist Fox Crypto product team. We wish Fox Crypto and CR Group all our best for the future.  Fox-IT, which recently celebrated its 25-year anniversary, brings best in class cyber resilience expertise to clients in the Netherlands and Benelux. Building on its strong heritage and market leadership in managed security services and cyber incident response, Fox-IT supports businesses and institutions and works in close partnership with police and international bodies such as collaborating on Project Melissa.  📡 Michael Maddison, NCC Group CEO comments:  “We are laser focused on delivering our strategy to simplify and focus the Group on world class full service cyber resilience. Completing the sale of Fox Crypto is an important step in enabling further investment and growth for Fox-IT and our global cyber security business. Fox-IT recently celebrated 25 years at the heart of the Dutch and Benelux cyber industry and is deploying that cyber security heritage to create a more secure digital future. We are enormously thankful to our departing colleagues at Fox Crypto and wish them our very best as they pursue opportunities under new ownership.”  👉 https://lnkd.in/emCDXjkw

How do you currently manage security alerts in your organisation? Add a comment below if you have a different answer 👇 #MXDR #ThreatDetection #ManagedSecurity #SecurityOperations

𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗮𝗻𝗮𝗹𝘆𝘀𝘁 - 𝗖𝗮𝗿𝗲𝗲𝗿 𝗢𝗽𝗽𝗼𝗿𝘁𝘂𝗻𝗶𝘁𝘆   It’s our people that make NCC Group exceptional. A phenomenal global network working together with clients, partners and the cyber industry to create a more secure digital future.   Lisa Wood, Head of Attack Surface Management (UK) shares more about the opportunity to join our team as a 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗔𝗻𝗮𝗹𝘆𝘀𝘁.   "We're looking for a customer-centric Vulnerability Analyst, where you'll work alongside top security experts to uncover and mitigate attack surface risks for our clients.   In this role, you won’t just identify vulnerabilities-you’ll be a trusted advisor, delivering clear, actionable insights that help businesses strengthen their defences through intelligent remediation prioritisation. Your expertise will play a crucial role in protecting organisations from cyber threats, all while growing your own skills in a dynamic, collaborative environment.   If you thrive on solving complex security challenges and want to be part of a team that values innovation, impact, and professional growth, this is your opportunity to shine!"    𝗔𝗽𝗽𝗹𝘆 𝗻𝗼𝘄 𝗮𝗻𝗱 𝗯𝗲𝗰𝗼𝗺𝗲 𝗽𝗮𝗿𝘁 𝗼𝗳 𝗼𝘂𝗿 𝘁𝗲𝗮𝗺!  https://lnkd.in/e4fUexiH

NCC Group had a great afternoon attending RenewableUK Cyber Security Summit yesterday.   Sian John MBE joined a panel to discuss cyber resilience in renewable energy, and the tools and awareness needed to respond to evolving threats.   Special thanks to Renewable UK for organising a great event and we look forward to supporting your members in the future.   #renewableenergy #cybersecurity #rukcs25 Katie Rance Sean Arrowsmith 

🚨 𝗡𝗲𝘄 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗱𝗶𝘀𝗰𝗹𝗼𝘀𝘂𝗿𝗲: 𝗘𝗦𝗣-𝗜𝗗𝗙 𝗕𝗹𝘂𝗙𝗶 𝗿𝗲𝗳𝗲𝗿𝗲𝗻𝗰𝗲 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻  NCC Group has disclosed several vulnerabilities in Espressif Systems' BluFi reference application, impacting ESP-IDF versions 5.0.7 through 5.3.1. 🔍 𝗞𝗲𝘆 𝗳𝗶𝗻𝗱𝗶𝗻𝗴𝘀 𝗶𝗻𝗰𝗹𝘂𝗱𝗲:  • Multiple high-risk buffer overflows allowing potential remote code execution via Bluetooth  • Unauthenticated Diffie-Hellman key exchange, exposing users to Man-in-the-Middle (MitM) attacks  • Use of outdated cryptographic practices, including 1024-bit finite field DH and lack of message authentication 📡 𝗜𝗺𝗽𝗮𝗰𝘁: Attackers within Bluetooth range could exploit these flaws to compromise ESP32 devices, leak sensitive data such as WiFi credentials, or hijack device behaviour.  💡 𝗢𝘂𝗿 𝗿𝗲𝗰𝗼𝗺𝗺𝗲𝗻𝗱𝗮𝘁𝗶𝗼𝗻: We strongly advise developers using BluFi to review these findings and harden their implementations by improving input validation, adopting authenticated key exchanges (e.g., ECDH), and using modern AEAD ciphers like AES-GCM.    Kudos to researcher James Chambers for leading this important work and helping to keep the IoT ecosystem safer! 🔐    You can read the full findings here: https://lnkd.in/eJimfTJB #IoTSecurity #bluetooth #embeddedsecurity #vulnerabilitydisclosure #cybersecurity #Espressif #ESP32 #BluFi    

🚨 Ransomware tactics are evolving—are you keeping pace? Join us on 23rd April 2025 for our next Cyber Threat Intel Webinar, hosted by 👤 Matt Hull, our Global Head of Threat Intelligence.   This month’s session includes a spotlight on the healthcare sector—a timely look at why this industry is increasingly being targeted by threat actors. It will also feature a guest appearance from Kurt Osburn, Healthcare Practice Director at NCC Group.    The two will discuss the brand new findings our Cyber Threat Intelligence team are researching, and what global healthcare organisations can do to defend against these dangerous and sophisticated threat actors. They will also touch on some of the cyber regulations and standards that are being rolled out to increase resilience across the sector and its supply chain.    This won't be one to miss - register now!   📅 Date: 23 April 2025 ⏰ Time: 4pm BST/ 11am EDT  🔗 Register here: https://lnkd.in/evYXeRqF #webinar #threatintelligence #cyberthreats #healthcare #ransomware #cyberresilience

We’re proud to be returning as Technical Masterclass Sponsor of CYBERUK in 2025. Our support for CYBERUK’s Technical Masterclass programme goes right back to its inception and is rooted in our commitment to developing technical cyber security excellence. This year, we’re excited to bring another fantastic programme of Technical Masterclasses to Manchester in May. Want to learn more? Apply to attend or see the full agenda featuring a number of NCC Group speakers here https://lnkd.in/erjgXpuS #CYBERUK25 #CyberSecurity #CyberSecurityEvents #UKCyber #TechnicalMasterclasses

🚀 NCC Group is Heading to RSA Conference 2025! 🎸 Cyber threats are evolving—so should your strategy. Join NCC Group at RSAC 2025 in San Francisco as we bring together industry leaders to discuss cutting-edge, holistic security solutions that keep businesses ahead of the curve. Let’s Make Security Louder. Book a meeting with our team, attend our session, or grab a VIP spot at our reception. We’re not just talking security—we’re amplifying it. Let's connect! Still need to register? Click the link below. https://lnkd.in/eeAJCu7 P.S. Save with Exclusive Discounts from Cloud Security Alliance® Expo Complimentary Code: 1U5CSAXPO Full Conference $150 Discount Code: 1U5CSAFD #RSAConference #Cybersecurity #RockAndRoll #NCCGroup