How to Understand and Improve Your Organisation’s Identity Management

With more people than ever attempting to steal your account credentials, identity management is a key factor in your organisation’s overall cyber security posture. In this blog our Technical Director of Offensive Security Andy Swift explains how to understand and improve your organisation’s identity management. Strong identity management is absolutely critical to maintaining your cyber … Read more

Exploring the Role of Penetration Testing in Budget and Resource Allocation

With public sector budgets stretched and resources at a premium, how can you ensure you’re focusing your efforts in the most impactful areas? In this blog we’ll explore the essential role penetration testing plays in enabling organisations to deploy their security resources to greatest effect, saving wasted effort and optimising security. 2022 is shaping up … Read more

Cyber Essentials Standards Updates: What You Need to Know

The Cyber Essentials Standards have changed. Your organisation will need to adapt if it wants to remain aligned. In this blog our Technical Director – Offensive Security Andy Swift takes you through what you need to know. The Cyber Essentials and Cyber Essentials Plus schemes have been running for several years, and although the recent … Read more

Six Degrees Appoints Darren Norfolk as Chairperson

Six Degrees appoints Darren Norfolk as Chairperson, as David Howson steps down from the role. London, UK, Tuesday 1st February, 2022 – UK-based secure cloud services provider, Six Degrees, has today announced that Darren Norfolk has been appointed to the role of Chairperson. Darren takes over from David Howson, who held the role since April … Read more

HTTP Protocol Stack Remote Code Execution Vulnerability

On 11th January 2022 (as part of patch Tuesday) Microsoft released patches for 97 CVE-numbered vulnerabilities, including a wormable remote code execution in Windows Server (CVE-2022-21907). This means an attacker could utilise the HTTP Protocol Stack (http.sys) on a server inside your network to run malicious code without asking for permission first. The vulnerability has … Read more