Precursor Security

June 10, 2024

Precursor Security has been accepted onto the Crown Commercial Service (CCS) G-Cloud 14 framework, providing us the chance to protect and support mission-critical operations across the UK. Joining G-Cloud is a testament to our commitment to meeting the highest standards of security and service delivery.

June 10, 2024

The Precursor Security Weekly Vulnerability Roundup for week commencing 21st October 2024

June 10, 2024

The Precursor Security Weekly Vulnerability Roundup for week commencing 14th October 2024.

June 10, 2024

A roundup of the vulnerabilities which have been added to the CISA KEV list or have had an increase >10% over the week commencing 7th October.

June 10, 2024

The Precursor Security Weekly Vulnerability Roundup for week commencing 30th September 2024.

June 10, 2024

The Precursor Security Weekly Vulnerability Roundup for week commencing 9th September 2024.

June 10, 2024

A persistent Cross-Site Scripting vulnerability in WooCommerce Subscriptions before version 2.6.3 allowed unauthenticated users to execute malicious scripts in the WordPress admin panel, leading to potential account takeover and privilege escalation, underscoring the importance of timely updates and integrated security practices in development.

June 10, 2024

A blog from our SOC Lead on the ransomware landscape related to Citrix Environments.

June 10, 2024

The Precursor Security Operations Centre have recently achieved the CREST SOC accreditation, validating Precursor’s commitment to delivering the highest quality of Managed Detection & Response (MDR) services to customers.

June 10, 2024

Microsoft Research has revealed that a vulnerability (CVE-2024-37085) exists that allows a malicious actor to obtain administrative control over VMWare ESXi and deploy ransomware. Precursor Managed Detection & Response team have deployed custom detections to protect customers.

June 10, 2024

The cyber insurance market, driven by increasing cyber threats and regulatory demands, is rapidly growing and evolving, with Managed Security Service Providers (MSSPs) playing a crucial role in enhancing security postures and reducing risks for businesses and insurers.

June 10, 2024

Managed Detection and Response is a comprehensive cybersecurity service that proactively identifies, monitors, and responds to threats. MDR takes an active approach in threat detection and response.

June 10, 2024

The Precursor SOC have recently been tracking threat actors continuing to abuse SEO search terms to trick users into installing malware.

June 10, 2024

MITRE, the creators the popular ATT&CK Framework release version 15, with a key focus on detection engineering, visibility and ICS.

June 10, 2024

The Precursor SOC responded to a major cyber incident where the root cause was targeted SEO poisoning. Further investigations uncovered a sophisticated campaign targeting key business sectors in the UK & EU.

June 10, 2024

Extensive regression test coverage allows us to take and test changes quickly. It means even when the pressure is on to ’get it in’, we can still be safe in the knowledge we will not take the product backwards in our haste to be secure.

June 10, 2024

The client did not want or need DevSecOps. What they wanted and needed was an ability to test in an automated manner, adding security testing into their existing test processes by expanding upon their existing automation capabilities.

June 10, 2024

This guide provides steps that can be taken for an organisation looking to implement a basic vulnerability triage process.

June 10, 2024

Microsoft 365 is trusted by organisations large and small for their day to day operations. Email, data storage, document exchange, customer and company critical information are all entrusted to 365 for safe keeping. And yet out-of-the-box, or out-of-the-cloud as is more common, Microsoft 365 security features are configured for usability, rather than maximum security.

June 10, 2024

Communicating cyber security risk to the board can be a key function of senior security roles. While cyber risk oversight is a function of the board, be it fully or partially shared with internal teams such as the audit committee, the implementation, actual operation and management of the security program is not their responsibility

June 10, 2024

Microsoft has been pushing browser-based Microsoft 365 cloud for all office functions. However, their desktop office applications are just as popular as ever – especially Word, Excel and PowerPoint. Which is great news for cyber criminals as the end user workstation is a prime target for attack and often an overlooked link in any cyber security strategy.

June 10, 2024

In our experience, security is often something that is begrudged as taking time and budget from development and customer experience. And if you believe your security comes from your cloud platform, I recommend that you read the ‘shared responsibility’ model that all the cloud providers use to limit their liability from security exposure.

June 10, 2024

June 10, 2024

The legal sector handles highly sensitive information and controls huge sums of money on behalf of major businesses and individual clients alike - which makes it a very attractive target for cyber criminals!

June 10, 2024

NHS DSP toolkit is an abbreviation for the ‘NHS Data Security and Protection Toolkit’. An online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.

June 10, 2024

The Cyber Essentials requirements have undergone numerous updates over the last year, which have impacted both the overall scope of the assessment, as well as each of the key controls.