Resources, Whitepapers and Blog Information

BLOG: Part 2 – Enhancing Supply Chain Resilience with the Updated NIST Cybersecurity Framework 2.0
In our previous blog, we delved into the comprehensive updates...
BLOG: Navigating Cybersecurity Excellence – Understanding the NIST Cybersecurity Framework 2.0
The National Institute of Standards and Technology (NIST) has unveiled...
BLOG: Championing Diversity in Cybersecurity – Honouring International Women’s Day
As we celebrate International Women’s Day, it’s essential to recognise...
BLOG: A Closer Look at Cyber Risk Ratings and Policy Evaluation
Cyber threats loom large and data breaches are increasingly common,...
BLOG: Cupid’s Guide to Cybersecurity – Strengthening Your Digital Defenses
As we embrace the spirit of Valentine’s Day, it’s crucial...
BLOG: Optimising Threat Response with Advanced Attack Surface Analysis
In the ever-evolving landscape of cybersecurity, staying one step ahead...
BLOG: Empowering Managed Security Services Analysts – Navigating Threat Landscapes
Managed Security Services Analysts are essential in the constantly evolving...
BLOG:  Building Effective Incident Response Plans
The ability to respond swiftly and effectively to these cybersecurity...
BLOG: The Cybersecurity Regulatory Landscape – Challenges and Solutions
Businesses are navigating a complex web of cybersecurity regulations designed...
BLOG: The Role of Attack Surface Reduction in Cybersecurity
The concept of attack surface reduction has emerged as a...
BLOG: Enhancing Vendor Security Assessments – Key Focus Areas for Assessors
As companies increasingly rely on third-party vendors, maintaining strong vendor...
BLOG: RBVM’s Influence on Business Continuity and Resilience
The constant evolution of cyber threats presents a formidable challenge...
BLOG: Amplifying Defence for Small Teams – Cyber Risk Ratings Against Significant Threats
Despite their size, small teams hold vital data and assets,...
BLOG: Streamlining Vulnerability Management with Cyber Risk Ratings
With the ever-evolving nature of cyberattacks, organisations are constantly grappling...
BLOG: Mitigating Cyber Supply Chain Attacks – Insights from the NCSC Warning
The warning issued today by the UK’s National Cyber Security...
BLOG: Decrypting Cyber Threat Intelligence – How Insights Empower Proactive Security
In the contemporary digital landscape, where the threat matrix is...
BLOG: Mastering CBEST – The Power of Intelligence Led Pen-Testing for Financial Institutions
The Cyber Security Testing Framework (CBEST), established by the Bank...
BLOG: Fortifying Business Defences – Navigating the Threat of Supply Chain Compromise in Cybersecurity
The realm of cybersecurity faces a growing menace in the...
BLOG: Elevating SMB Cybersecurity with Risk-Based Strategies
At a time when small and medium-sized businesses (SMBs) are...
BLOG: Cryptojacking Unveiled – Detecting and Combating the Stealthy Threat of Mining Malware
Cryptojacking has quietly gained ground as a stealthy form of...
BLOG: How Cyber Risk Ratings Transform Security for Small Teams
Cybersecurity is a critical concern for businesses of all sizes....
BLOG: Strengthening Cyber Defence with External Attack Surface Management
Digital transformation brings many benefits, but it also exposes organisations...
BLOG: Transforming Regulatory Approaches with Cyber Risk Ratings
Organisations, both large and small, face an increasing array of...
BLOG: Redefining Limits – Cyber Risk Ratings as Catalysts for Small Team Security Triumphs
Data breaches and cyberattacks loom around every virtual corner, cybersecurity...
BLOG: The Impact of Cyber Risk Intelligence on Insurer Value Propositions
As insurers strive to offer comprehensive coverage and risk management...
BLOG: Building Trust through Advanced Third-Party Risk Assessment
Businesses rely heavily on third-party vendors and partners to augment...
BLOG: Small Team, High Stakes – Elevating Cybersecurity through Actionable Risk Insights
Your team’s size is not the decisive factor in your...
BLOG: Risk Intelligence Revolution – Cyber Ratings Redefine Insurance Risk Management
From data breaches to ransomware attacks, organisations of all sizes...
BLOG: How Cyber Risk Ratings Empower Regulatory Vigilance
Companies must navigate a complex landscape of rules and regulations...
BLOG: How Cyber Risk Intelligence Empowers Insurer Risk Assessment
As insurers evaluate their policies and assess the risks associated...
BLOG: Navigating Emerging Risks with Cyber Threat Intelligence
From data breaches to ransomware attacks and supply chain vulnerabilities,...
BLOG: Securing Your Digital Perimeter with Actionable External Attack Surface Intelligence
Your organisation’s digital perimeter now extends to the vast virtual...
How Cyber Risk Ratings Revolutionise Regulatory Preparedness
The cyber threat landscape is constantly changing. Maintaining compliance has...
BLOG: Leveraging Risk Intelligence in Vulnerability Management
Threats are evolving at an unprecedented pace and as a...
BLOG: How Cyber Threat Intelligence Enhances Incident Response and Recovery
Organisations must maintain constant vigilance to safeguard their sensitive information...
BLOG: The Anatomy of a Third-Party Data Breach – Understanding the Vulnerabilities
Predictably, the surge in data breaches has instilled a sense...
BLOG: How Proactive Cyber Threat Intelligence Fortifies Risk Mitigation
Proactive cyber threat intelligence is becoming more important as a...
BLOG: Understanding Your External Attack Surface
One crucial aspect that often goes overlooked is your organisation’s...
BLOG: Optimising Cyber Insurance Policy Pricing – The Risk-Reducing Power of Cyber Risk Ratings
Organisations, regardless of their size or industry, face the ever-present...
BLOG: Outsmarting Cyber Adversaries – A Closer Look at External Attack Surface Management
Organisations are presented with a significant challenge in protecting their...
BLOG: The Consequences of Inadequate Cybersecurity Measures for Organisations
The effective utilisation of interconnected systems, data, and technology is...
BLOG: Enhancing Third-Party Risk Management with Cyber Risk Ratings
Organisations are relying more and more on third-party vendors to...
BLOG: Assessing an Organisation’s Cybersecurity Posture – The Importance of Cyber Risk Ratings
Robust cybersecurity measures are crucial in today’s business landscape where...
BLOG: Challenges and Solutions in Implementing a Risk-Based Vulnerability Management Program
Organisations face a constant threat of potential vulnerabilities in today’s...
BLOG: From Vulnerabilities to Vendor –  Prioritising Third-Party Risk with Cyber Risk Ratings
Businesses increasingly rely on third-party vendors for various aspects of...
CTI Weekly: Important Updates -Anonymous Sudan Claims Microsoft Data Theft, MOVEit Data Theft Campaign, ALPHV Malware Distribution, Port of Nagoya Ransomware Attack, DDoS Alerts, Google Analytics Risks
Key Issue: Anonymous Sudan claims to have stolen Microsoft customer...
BLOG: The Potential Consequences of Cyber Attacks – Why Small Businesses Need to Take Cybersecurity Seriously
Large corporations often dominate headlines when they fall victim to...
CTI Weekly: Threat actors claiming to be affiliated with PMC Wagner target Russian entities
Key Issue: Threat actors claiming to be affiliated with PMC...
BLOG: Cyber Risk Ratings – Fostering Transparency and Accountability in Cybersecurity Regulation
In a period marked by ever-evolving cyber threats and growing...
CTI Weekly: Important Updates – Clop Ransomware, Anonymous Sudan DDoS, Russian Threat Actors, and VMWare Security Advisory
Key Issue: Clop ransomware group starts extorting victims of MOVEit...
BLOG: Know Your Threats- Leveraging External Attack Surface Management for Cyber Defence
The expanding attack surface has subsequently and unsurprisingly caused an...
CTI Weekly: Zero-Day Vulnerability Exploited by Ransomware Groups & CISA Directive on Network Device Security
Key Issue: New victims disclosed in data theft campaigns leveraging...
BLOG: Why Accurate Cyber Risk Ratings are Essential for Insurer Success
Cyber threats have become a significant concern for organisations across...
BLOG: Mitigating Risk Exposure – The Benefits of Cyber Risk Ratings for Small Teams
In the current era of extensive digital connectivity, the threat...
BLOG: Making Informed Decisions – Enhancing Third-Party Risk Management with Cyber Risk Ratings
In the ever-evolving landscape of modern business, effectively managing third-party...
CTI Weekly: Hacktivist Group Expands Tactics to Extortion, Zero-Day Vulnerability Exploited, AlphV Ransomware Upgrade
Key Issue: Anonymous Sudan targets Scandinavian Airlines in DDoS extortion...
BLOG: Exploring How Outsourcing Amplifies Cyber Risks
While outsourcing can offer numerous benefits, it is crucial to...
CTI Weekly: Chinese State-Sponsored Threat Actor Engages in Targeted Intelligence Gathering, New Ransomware Campaign by FIN7, Manufacturing Sector Breaches & Compromises
Key Issue: Chinese state sponsored threat actor Volt Typhoon compromised...
BLOG: Key Components of an Effective Third-Party Risk Management Programme
As the business landscape becomes more interconnected, organisations are increasingly...
BLOG: Taking the Lead – How Cyber Risk Ratings Give MSPs a Competitive Edge
In the ever-evolving landscape of cybersecurity threats, managed service providers...
CTI Weekly: Indictment of Russian Citizen Linked to Major Ransomware – USD 10M Reward, Cybercrime Challenges & Espionage Revelations
Key Issue: The US indicts a Russian ransomware operator and...
BLOG: How Cyber Risk Ratings Can Help Regulators Stay Ahead of the Curve
Regulators face the critical challenge of staying ahead of emerging...
BLOG: Streamlining Third-Party Risk Management with Cyber Risk Ratings – Enhancing Security and Efficiency
In an increasingly interconnected digital landscape, organisations increasingly rely on...
BLOG: Challenges and Solutions in Implementing a Risk-Based Vulnerability Management Program
In the ever-changing digital landscape of today, organizations are confronted...
CTI Weekly: NSA warns of sophisticated Russian cyber espionage tool ‘Snake’; new phishing tool ‘Greatness’ bypasses MFA; financial fraud campaign targets Italian banks; Akira ransomware hits corporate networks and more
Key Issue: Security agencies release joint Cybersecurity Advisory tracking Russian...
BLOG: The Importance of Continuous Risk Monitoring – Maintaining Cybersecurity for Small Businesses
In today’s digital age, small businesses are increasingly reliant on...
BLOG: The Benefits of Third-Party Cyber Risk Ratings Over Self-Reported Data
As the world becomes increasingly reliant on technology, the risks...
BLOG: Beyond Compliance – How Cyber Risk Ratings Can Drive a Culture of Cybersecurity in Regulated Industries
The world we live in today is increasingly interconnected and...
BLOG: Integrating Risk-Based Vulnerability Management into Your IT Security Framework
In today’s digital world, the technological landscape is constantly evolving,...
CTI Weekly: LockBit RaaS claims supply chain breach of 60+ companies; SpecTor operation nabs 288 dark web drug trade suspects; FBI seizes illicit crypto exchange websites; and more cybersecurity news
Key Issue: LockBit claims to have breached more than 60...
BLOG: Why CVE Vulnerability Prioritisation Should Be Part of Every MSPs Client’s Cybersecurity Strategy
In today’s world of rapidly evolving cyber threats, cybersecurity has...
BLOG: Leveraging Technology to Enhance Your Third-Party Risk Management Program
In today’s interconnected business landscape, third-party relationships are a critical...
BLOG: Communicating the Business Value of Risk-Based Vulnerability Management to Stakeholders
Risk-based vulnerability management is a critical component of any organization’s...
BLOG: Data-Driven Cyber Risk Ratings  – The More Accurate and Reliable Assessment for Small Businesses
As the reliance on digital systems to manage and safeguard...
CTI Weekly: Ethical hackers take over ESA satellite, paperCut vulnerability exploited for data theft, Indian insurance regulator potential breach, LockBit targets Indian loans provider and more
Key Issue: US Ethical hackers seize control over European Space...
BLOG: The Role of CVE Prioritisation in Compliance and Risk Management
With the increasing number of cyber attacks, organisations must continuously...
BLOG: Automated Vulnerability Scanning: Pros, Cons, and Best Practices
With thousands of vulnerabilities being identified and published each year,...
BLOG: Why Insurers Should Use Cyber Risk Ratings to Improve Underwriting
As cyber-attacks continue to rise in frequency and severity, cyber...
BLOG: Cyber Risk Tailored to Your Needs – The Flexibility of Orpheus Cyber Risk Ratings for Small Businesses
As a small business owner, you may be aware of...
CTI Weekly: 3CX breach highlights the risk of cascading supply chain compromises
3CX, a VoIP desktop client provider used by high-profile organizations,...
BLOG: Beyond Firewalls and Antivirus Software – Why Orpheus Cyber Risk Ratings are Stronger for Small Businesses
Firewalls and antivirus software are essential tools for protecting against...
BLOG: Incident Response and Business Continuity – Preparing for the Worst with Risk Based Vulnerability Management
The growing dependence of businesses on technology has unsurprisingly led...
CTI Weekly: US Intelligence Leak Links Russia to Threat Actors
Highly confidential intelligence documents, allegedly leaked from the US Pentagon,...
BLOG: Mitigating Financial and Reputational Losses Through Third-Party Risk Regulation
In today’s globalised economy, companies often rely on third-party vendors, suppliers, and...
CTI Weekly: Insight into Russian cyber-industrial complex, Easter phishing lures, UNC4466’s activities and Genesis Market seized
Key Issue: Vulkan Files provide unique insight into Russian cyber-industrial...
BLOG: Patching The Reserved – Highly Exploitable Kernel Bugs in Purgatory
Written by Femke Bolle & Alex Ashby The CVE release...
CTI Weekly: New supply chain campaign leverages the popular 3CX VOIP desktop client
Researchers recently reported on a supply chain compromise campaign that...
BLOG: Protect Your Organization – The Importance of Implementing a Risk-Based Vulnerability Management Program
Organizations of all sizes need to implement a risk-based vulnerability...
CTI Weekly: Ransomware group adds 53 companies to its leak site within 48 hours
Between March 22 and 24, the Clop ransomware group added...
CTI Weekly: Increasingly extreme extortion tactics leveraged by ransomware groups
Cybercriminals are using new tactics to extort victims for ransom,...
BLOG: Latitude Financial Hack – What Do We Know So Far?
Latitude Financial, an Australian non-bank lender that provides consumer loans...
CTI Weekly: HiatusRAT malware is targeting business-grade routers to collect intelligence
The Hiatus campaign is using a new malware called HiatusRAT...
BLOG: The Female Cyber Security Revolution – How Women are Transforming the Industry
The field of cybersecurity has long been dominated by men,...
BLOG: The Growing Challenge of Controlling Third-Party Risk in a Global Economy
In today’s global economy, businesses rely on an ever-growing network...
CTI Weekly: EX-22 allows malware to spread in corporate networks
This week we reported on a new post-exploitation framework labelled...
CTI Weekly: HardBit ransomware demands insurance details to facilitate negotiations
This week we reported on a recently identified ransomware group...
CTI Weekly: US hospital chain first to disclose data breach following GoAnywhere compromise
This week we reported on a data breach that exposed...
BLOG: The Dark Side of Cupid – The Motives of Cyber Threat Actors on Valentine’s Day
Valentine’s Day is a time to celebrate love and show...
Cyber Threat Intelligence Weekly Update: 10th February 2023
ESXi VMware servers targeted in global ransomware campaigns This week...
BLOG: The Hidden Dangers of Cybersecurity – Protecting Your Business from Online Threats
One of the biggest dangers in cybersecurity is the hidden...
Cyber Threat Intelligence Weekly Update: 6th February 2023
Pro–Russian hacktivists target global healthcare entities with DDoS This week...
Cyber Threat Intelligence Weekly Update: 27th January 2023
United States Justice Department disrupt Hive Ransomware operations This week...
BLOG: How AI Is Leveraged Across The Threat Landscape
Artificial intelligence (AI) is increasingly used to provide solutions across...
Cyber Threat Intelligence Weekly Update: 20th January 2023
Key Issue: Sandworm linked to CaddyWiper compromise of Ukrinform’s info...
BLOG: Navigating the Complexities of Threat-Led Ratings
As businesses and organisations continue to rely heavily on technology...
BLOG: What Is A Cyber Risk Score And Why You Should Care About It
A cyber risk score is a numerical rating representing an...
BLOG: The Growing Need for Cyber Threat Intelligence in Today’s Digital Age
In today’s digital age, organisations of all sizes and industries...
BLOG: Cyber Risk Ratings Without Questionnaires
Questionnaires are commonly used in the process of assessing and...
Cyber Threat Intelligence Weekly Update: 13th January 2023
Key Issue: Royal Mail compromised using LockBit ransomware, disrupting its...
Threat intelligence weekly update | 6th January 2023
Key Issue: Slack discloses data breach affecting its GitHub code...
Threat intelligence weekly update | 30th December 2022
Key Issue:  Ransomware groups increasingly compromise healthcare sector entities Cybercriminals: ...
Threat intelligence weekly update | 23rd December 2022
Key Issue: Suspected Russian threat actors target Ukrainian military application...
BLOG: Seasonal Cyber Threats to the Retail Sector
For the retail sector, the holiday season running from October...
Threat intelligence weekly update | 16th December 2022
Key Issue: FBI targeted in data exfiltration campaigns Cybercriminals: Multiple...
Threat intelligence weekly update | 9th December 2022
Key Issue: North Korea-backed APT37 leverages Internet Explorer zero-day vulnerability...
Threat intelligence weekly update | 2nd December 2022
Key Issue: International law enforcement operations disrupt cybercriminal groups Cybercriminals:...

Week 47 | 21st – 25th November 2022

Friday 25th November 2022

Week 47 | 21st – 25th November 2022
Key Issue: Email cyberattacks targeting Arab countries rise in run...

Week 46 | 14th – 18th November 2022

Friday 18th November 2022

Week 46 | 14th – 18th November 2022
Key Issue: Lazarus Group targets multiple countries with DTrack malware...

Week 45 | 7th – 11th November 2022

Friday 18th November 2022

Week 45 | 7th – 11th November 2022
Key Issue: Russian state unit Sandworm linked to Prestige ransomware...

Week 44 | 31st Oct– 4th Nov 2022

Tuesday 8th November 2022

Week 44 | 31st Oct– 4th Nov 2022
Key Issue: Two high-severity vulnerabilities found in OpenSSL software Cybercriminals:...
Week 43 | 24th – 28th October 2022
Key Issue: Large-scale domain typosquatting campaign delivers commodity malware Cybercriminals:...
BLOG: Small Businesses Vulnerable To Cyber Attacks
Ransomware and cyberattacks have seen a significant increase in intensity...
Week 42 | 17th – 21st October 2022
Key Issue: Australian businesses continue to be targeted by cybercriminal...
Week 41 | 10th – 14th October 2022
Key Issue: PoC published for Fortinet vulnerability following mass exploitation...
PRESS RELEASE: Aravo and Orpheus Cyber Partner
SAN FRANCISCO and LONDON – Oct. 19, 2022 – Aravo and...
BLOG: Threat Actors Smishing Via UK Gov Energy Bills Support Scheme
Expectedly, threat actors will stop at nothing to infiltrate all...

Week 40 | 3rd – 7th October 2022

Friday 7th October 2022

Week 40 | 3rd – 7th October 2022
Key Issue: Zero–day Microsoft Exchange vulnerability mitigation can be bypassedCybercriminals:...

Week 39 | 26th – 30th September 2022

Friday 30th September 2022

Week 39 | 26th – 30th September 2022
Key Issue: FIN7 adopts new tactics and upgrades ALPHV ransomware...
BLOG: The NCSC Releases guidance on protection retailers can take to prevent attacks
The NCSC published a report last week outlining the increased...
IntSum – Week 37 | 12th – 16th September 2022
Key Issue: Former Conti affiliates target Ukrainian organisations Cybercriminals: Cybercriminals...
BLOG: FBI, CISA and MS-ISAC Issues Cybersecurity Warning For Educational Sector
Over the past several years, the educational sector has been...
BLOG: Orpheus Cyber Is One Of Six UK-based Startups Chosen To Participate In AWS Defence Accelerator
Amazon Web Services (AWS) has selected 10 startup participants for...
IntSum – Week 36 | 5th – 9th September 2022
Key Issue: Hive ransomware affiliates compromise French fashion giant DamartCybercriminals:...
IntSum – Week 35 | 29th August – 2nd September 2022
Key Issue: Location data broker Kochava sued for selling sensitive...
IntSum – Week 35 | 29th August – 2nd September 2022
Key Issue: Location data broker Kochava sued for selling sensitive...
What To Do When Your Cyber Insurance Policy Doesn’t Cover You For A Critical Attack?
Dealing with the removal of cover of catastrophic nation-state attacks...
IntSum – Week 32 | 8th – 12th August 2022
Key Issue: Cybercriminals leverage new C2aaS platform for malware campaigns...
IntSum – Week 33 | 15th – 19th August 2022
Key Issue: USD 6 million worth of in–game items stolen...
BLOG: Are Smaller Organisations Less At Risk Of Cybersecurity Attacks?
Today’s cyber threat landscape means that no business is completely...

BLOG: What Are Vulnerabilities?

Tuesday 26th July 2022

BLOG: What Are Vulnerabilities?
The cyber threat landscape is endlessly evolving and advancing, the...

BLOG: Choosing The Right Vendor

Friday 22nd July 2022

BLOG: Choosing The Right Vendor
Finding a vendor has never been an easy task. The...
BLOG:  Why Cybersecurity Needs To Be A Priority For The Education Sector
Despite the development of many cyber security measures that can...
BLOG: US Eye Clinic Suffers Data Breach Impacting 92,000 Patients
A healthcare clinic based in Missouri has informed US regulators...
BLOG: Biden Signs Two Bills to Enhance Government Cybersecurity
On Tuesday, June 21 President Biden signed two crucial cybersecurity...
BLOG: Risk Compliance – How Organisations can keep safe and avoid penalties
Compliance risk is an organisation’s potential exposure to legal penalties,...
BLOG: How Continuous Risk Monitoring of Supply Chains is Key to Every Business
Building connections and relationships with third parties are great and...
BLOG: How Vulnerable MSP’s Are to Threat Actors
Today’s cyber threat landscape has made it a necessity for...

BLOG: Understanding Cyber Risk

Wednesday 4th May 2022

BLOG: Understanding Cyber Risk
Cyber risk is the probability of exposure or loss resulting...
BLOG: How Cyber Risk Ratings Can Help MSPs Protect Businesses from Data Breaches
The tactics and strategies of threat actors mean that no...
BLOG: Reducing Cyber Risk When Doing Business with a New Vendor
Organizations are becoming alert to the risks of supply chain...
BLOG: How Cyber Risk Ratings Are Building Real Time Cybersecurity
A high-quality cyber risk rating is an asset for organizations....
PRESS RELEASE:  City Corporation launches new cyber security innovation challenge supported by Microsoft
The City of London Corporation is launching a new cyber...

BLOG: Vendor Risk Management

Wednesday 16th March 2022

BLOG: Vendor Risk Management
Organisations are delegating more of their business procedures to third...
BLOG: Women In Cyber – What Progress Are We Making?
Cybersecurity is a critical topic for all countries however, the...
BLOG: Suspected state front FreeCivilian publishes Ukrainian government data after DDoS and wiper attacks 
Executive Summary  On 24 February, our research uncovered that several...
BLOG: Third-Party Risk Management Lifecycle
Third party risk management has become a key focus for...
BLOG: Why Cybersecurity Needs Diversity & Inclusion
Instinctively, as a society, we are aware that diversity and...
BLOG: The Security and Vulnerability Management Market Size Estimated To Be Worth $15.86 Billion by 2030
A report published by The Brainy Insights found that the...
BLOG: Threat Actors – Every Day Is Valentine’s Day
Threat actors will always find ways to utilise occasions to...
BLOG: Cyberattacks on the United States Government
A wide variety of United States Government institutions have been...

BLOG: The Growing Threat of Cyberattacks

Wednesday 26th January 2022

BLOG: The Growing Threat of Cyberattacks
While there are a multitude of threats and risks threatening...
BLOG: Biggest Cyber Risks Threatening the United States
The largest risks to the cyber security world continue to...
BLOG: US and Israel Announce Joint Cybersecurity Task Force
A partnership between the United States and Israel to support...
BLOG: What Are The Signs Of A Phishing Attempt?
Phishing attacks affect individuals and organizations spread across the globe;...

BLOG: Wiper Malware

Friday 14th January 2022

BLOG: Wiper Malware
Wiper malware is used for wiping, overwriting, or removing data...
BLOG: Insider Threats In the Healthcare Sector
The healthcare sector should be a sector that threat actors...

BLOG: What is Magecart/E-Skimming?

Tuesday 7th December 2021

BLOG: What is Magecart/E-Skimming?
Magecart is a commonly used name for loosely affiliated groups...

BLOG: How Black Friday Impacts Businesses

Wednesday 24th November 2021

BLOG: How Black Friday Impacts Businesses
With Black Friday around the corner, it is important consumers...
PRESS RELEASE: Orpheus Cyber x Cyber Runway
Orpheus Cyber is pleased to announce that we have been chosen...
BLOG: Cybersecurity Weaknesses In The Financial Industry
The financial sector remains at the sharp edge of the...
BLOG: How Secure Is Two Factor Authentication?
Implementation of two-factor authentication is often the advice provided by...
BLOG: UK Ransomware Attacks Have Doubled In A Year
Ransomware attacks have been one of the critical moments of...
BLOG: DDoS Attacks on Online Gamers and How to Prevent Them
DDoS Attacks and Gaming Gaming has been described as a...

BLOG: The Dangers of QR Codes

Wednesday 13th October 2021

BLOG: The Dangers of QR Codes
A QR code (Quick Response code) is a type of...
BLOG: NatWest’s £320m Money-Laundering Fine
Last week it was found that NatWest is facing the...

BLOG: Pharming vs Phishing

Friday 8th October 2021

BLOG: Pharming vs Phishing
Last year, Phishing and Pharming were among the top types...

BLOG: The Return Of REvil

Monday 13th September 2021

BLOG: The Return Of REvil
Following an abrupt departure for two months, several of the...

BLOG: Ragnar Locker New Tactic

Tuesday 7th September 2021

BLOG: Ragnar Locker New Tactic
Ragnar Locker operatives this week have cautioned victims against soliciting...

BLOG: What Is Pegasus?

Tuesday 7th September 2021

BLOG: What Is Pegasus?
On Monday, Spyware researchers obtained what is believed to be...

BLOG: The Rise Of Stalkerware

Tuesday 7th September 2021

BLOG: The Rise Of Stalkerware
Stalkerware is a term used to refer to software applications...
BLOG: Is Cryptojacking On The Rise Again?
Cryptojacking was at the centre of a lot of controversy...

BLOG: How Are Vulnerabilities Defined?

Thursday 2nd September 2021

BLOG: How Are Vulnerabilities Defined?
A vulnerability is a weakness or error in a system/device’s...
BLOG: Why is a Third-Party Risk Management Budget Important?
A great way for organisations to deal with the expanding...
BLOG: Why Vulnerability Management Crucial to Managing Third-Party Cyber Risk & How Orpheus Cyber Can Help
The current cyber threat landscape means that taking a pre-emptive...
BLOG: How Artificial Intelligence and Machine Learning Help Cybersecurity In 2021
Machine learning and artificial intelligence provide us with a wide...
BLOG: Supply Chain Attacks Expected To Quadruple In 2021
The European Union Agency for Cybersecurity (ENISA) conducted research and based on...
BLOG: How Important Is Continuous Risk Monitoring?
Third-party security breaches are increasing and rising at a large...
BLOG: Respect in Security Pledge
When you work in threat intelligence you are very aware...
BLOG: The Most Routinely Exploited Vulnerabilities of 2020 & 2021
A Cybersecurity Advisory report was co-authored and published on 28th...
BLOG: The Importance of Supply Chain Risk Management
With the recent controversy surrounding the huge supply chain attack...
BLOG: UK Government Requests Views on Supply Chain Cybersecurity
The United Kingdom’s Department for Digital, Culture, Media & Sport...

BLOG: Star-Fs & CBest Compared

Wednesday 14th July 2021

BLOG: Star-Fs & CBest Compared
STAR-FS and CBEST are both frameworks for intelligence-led penetration testing...

BLOG: Who is RYUK?

Thursday 8th July 2021

BLOG: Who is RYUK?
Ryuk is a complex ransomware threat that first emerged in...

BLOG: What is Maze Ransomware?

Thursday 24th June 2021

BLOG: What is Maze Ransomware?
Maze ransomware is a complex strain of Windows ransomware, this...
BLOG: Common Third-Party Risk Management Concerns
Organisations are often unaware of the risks that third-party vendors...
BLOG: How Ransomware-As-A-Service Works
Ransomware as a Service (RaaS) is an implementation of the...
CASE STUDY: UKRI x Orpheus Cyber
At Orpheus Cyber, we deploy award-winning machine learning technology to...
BLOG: What role do cryptocurrencies play in ransomware?
Ransomware has gradually become a prevalent cybercrime. Cryptocurrency and ransomware...
BLOG: Why is Third-Party Risk Management Crucial?
Third-party risk management is imperative in helping mitigating risk and...
BLOG: The Evolution of Ransomware
Ransomware is a threat landscape that is always transforming and...
Orpheus Cyber Wins ‘Best Use Of Machine Learning/AI’ At SC 2021 Awards Europe
We are appreciative and pleased to announce our win for...
BLOG: Should Organisations Pay Ransom Demands?
A popular debate is quite often, “should organisations pay the...
BLOG: Who is REvil/Sodinokibi?
REvil (also identified as Sodinokibi) is a private ransomware-as-a-service (RaaS)...
BLOG: JBS S.A. Falls Victim To Ransomware Attack
Over the weekend, global food distributor JBS S.A. has become...
BLOG: Researchers Expose Malware Trick Used To Bypass Antivirus Software
Researchers have recently divulged substantial security weaknesses surrounding common software...
BLOG: Malvertising Campaign Distributes Malicious AnyDesk Installer
On Wednesday, Cybersecurity researchers revealed the disruption of a malvertising...
BLOG: Energy Firms Rush to Buy Cyber Insurance
A recent article from Reuters suggests that energy companies are...
BLOG: Microsoft Informs About Data Stealing Malware That Acts As Ransomware
Microsoft issued a warning on Thursday May 20th about a...
BLOG: Colonial Pipeline Operations ‘Back to Normal’ As DarkSide Shuts Down
The Colonial Pipeline at the centre of the recent ransomware...
Achilles partners with Orpheus to offer supply chain cyber risk management and intelligence
Achilles Information, global leader and partner of choice for supply...

BLOG: Who is DarkSide?

Thursday 13th May 2021

BLOG: Who is DarkSide?
DarkSide is the name given to the group operating the...
BLOG: Fuel Pipeline Cyber Attack Causes US To Declare Emergency
A colonial pipeline that contains and supports 45% of the...
BLOG: The Escalating Concern About Ransomware
Ransomware has always been quite a prominent threat, but it...
BLOG: How Security Intelligence Improves Cloud Security
Security intelligence can play a huge role in cloud security,...
BLOG: How Orpheus Cyber Approaches Cyber Risk Ratings
A recent Forrester report on cyber risk ratings has provided...
BLOG: Main Cloud Security Issues and Threats in 2021
As threats have evolved and we have sophisticated new attacks...
BLOG: How Machine Learning and AI can be used to prevent cyberattacks
At Orpheus Cyber, we deploy award-winning machine learning technology to...
Orpheus Cyber Shortlisted For Best Use Of Machine Learning/AI By SC 2021 Awards Europe
Orpheus Cyber is delighted to announce we have been shortlisted...

BLOG: What Is Cloud Security?

Thursday 15th April 2021

BLOG: What Is Cloud Security?
Cloud security describes a form of cybersecurity that covers policies,...
BLOG: Third-Party Risk Management Guidance
The UK financial services regulators have combined to deliver guidelines...
BLOG: COVID 19’s Impact on Women In Cyber
Throughout the pandemic we have read countless articles on the...
BLOG: Using your voice as a woman in cybersecurity
As we have discussed before, diversity within the cybersecurity industry...
BLOG: How close are we to closing the gender diversity gap?
Cybersecurity has long been a male dominated industry with only 20 per...
BLOG: Why Diversity Is Crucial For Threat Intelligence Teams
Workplace diversity is often supported for ethical or moral reasons...
BLOG: Increase in QuickBooks Data Spear-Phishing Attacks
Research has now led to a discovery of a significant...
BLOG: 30,000 Macbooks Infected By New “Silver Sparrow” Malware
There is popular belief that Apple made computers are mostly resistant to any type of malware, however as of recently it appears...
BLOG: What are the benefits of a STAR-FS?
The UK regulator has recently introduced the STAR-FS intelligence-led penetration...

BLOG: Danger Of Ads & PUAs

Tuesday 16th February 2021

BLOG: Danger Of Ads & PUAs
As long as there have been web advertising networks, there...

BLOG: Valentine’s Day Phishing Scams

Saturday 13th February 2021

BLOG: Valentine’s Day Phishing Scams
Valentine’s day is universally known as the day when people...
BLOG: Remote Working Causing Data Breach Fatigue
At a time when data security needs to be taken more...

STAR-FS Accreditation Announcement

Wednesday 10th February 2021

STAR-FS Accreditation Announcement
Orpheus is pleased to announce our accreditation under the STAR-FS...

BLOG: What Is STAR-FS?

Wednesday 10th February 2021

BLOG: What Is STAR-FS?
STAR-FS is the new standard for threat-led penetration tests within...
BLOG: Makop RaaS Campaign targets South Korean Entities
Executive Summary A recent Makop ransomware campaign has been targeting...

BLOG: Continuous Risk Monitoring

Friday 29th January 2021

BLOG: Continuous Risk Monitoring
Continuous risk monitoring is a valuable tool for organisations seeking...
BLOG: New Wormable Android Malware Spreading Through WhatsApp
A newly discovered, Android malware software has been found to disseminate itself through WhatsApp messages to other...
BLOG: Why are big-game hunting ransomware groups targeting remote access vulnerabilities?
Version 1.1 Author Alex Ashby Date 12th May 2020 The...
BLOG: WhatsApp Delays Controversial Privacy Update
WhatsApp announced on Friday that the controversial policy update (click...
BLOG: Understanding Third Party Risk
Third Party Risk is the potential risk that arises from institutions...

BLOG: Whatsapp’s New Privacy Policy

Saturday 9th January 2021

BLOG: Whatsapp’s New Privacy Policy
WhatsApp has issued an update to their privacy policy informing...
BLOG: Ticketmaster To Pay $10 Million Fine Over Hacking Scandal
The recent news surrounding Ticketmaster has caused some controversy. Ticketmaster...

BLOG: 2020 predictions in review

Thursday 31st December 2020

BLOG: 2020 predictions in review
We review a series of forecasts we made at the...

BLOG: 2021 Predictions

Wednesday 23rd December 2020

BLOG: 2021 Predictions
Introduction 2020 has been a tough year for us all,...
BLOG: 12 Vulnerabilities of Christmas – CVE -2019-2725
CVE-2019-2725 is a vulnerability that targets Oracle WebLogic Server versions...
BLOG: 12 Vulnerabilities of Christmas – CVE-2019-3396
The penultimate blog in our series on the most significant...
12 Vulnerabilities of Christmas- CVE-2017-0199
The latest in our 12 vulns of Christmas series looks...
BLOG: 12 Vulnerabilities of Christmas CVE-2019-19781
Having reportedly caused the death of a hospital patient and...
BLOG: 12 Vulnerabilities of Christmas – CVE-2019-10149
Although the latest vulnerability in our series had a CVSS...
BLOG: 12 Vulnerabilities of Christmas- CVE-2020-0688
CVE-2020-0688 is a critical vulnerability affecting Microsoft Exchange Server, allowing...
BLOG: 12 Vulnerabilities of Christmas CVE-2017-5638
CVE-2017-5638 is a critical vulnerability affecting certain versions of Apache...
BLOG: 12 Vulnerabilities of Christmas CVE -2019-11510
CVE-2019-11510 in Pulse Secure VPN products earned a maximum OVS score of...
BLOG: 12 Vulnerabilities of Christmas – CVE-2020-0796 A.K.A SMBGhost
CVE-2020-0796 is a critical vulnerability affecting the SMB protocol originally...
FireEye breach sees release of red-team tools
The breach affecting cyber security giant FireEye reaffirms that sophisticated...
BLOG: 12 Vulnerabilities of Christmas CVE-2020-10189
Day three of our Christmas vulnerability countdown looks a vulnerability...
12 Vulnerabilities of Christmas- CVE -2020-5902
The Twelve Days of Christmas commemorates a series of increasingly...
12 Vulnerabilities of Christmas- CVE-2019-0708 A.K.A BlueKeep
The Twelve Days of Christmas commemorates a series of increasingly...
BLOG: Computer Security Day – What Precautions Should You Take?
In this blog post, we will briefly discuss Computer Security...
BLOG: Black Friday 2020 – What Are The Risks?
Black Friday is universally known as the time of year...

BLOG: The Privacy Risks Of Smart TVs

Thursday 19th November 2020

BLOG: The Privacy Risks Of Smart TVs
In honour of World Television Day, within this blog post...
‘You’re hired!’ The rise of corporate hack-for-hire groups
By Orpheus Analysts In this blogpost, the Orpheus analyst team...
What Do The Regulators Say About Third Party Risk?
Third party risk has long been identified as a key...

BLOG: Gone Phishing

Tuesday 3rd November 2020

BLOG: Gone Phishing
Investigation into a spearphishing campaign targeting company supported by Orpheus...
Blog: Future of Threats Against Connected Devices
As we come into the last few days of Cyber...
BLOG: Biden Their Time – The Cyber Threats To The US Election and Their Wider Consequences
By Orpheus Analysts Introduction   The US presidential election is always...
BLOG: US’ National Security Agency List of 25 Vulnerabilities That Chinese State Actors Are Scanning For and Exploiting
This week, the US’ National Security Agency (NSA) published a...
BLOG: The Importance Of Threat-Led Patch Prioritisation
In this blog we briefly discuss threat led patch prioritisation, to read...
BLOG: The UK’s Outrage Against The ‘Fatima’ Advert
In this blog post, we discuss the recent controversial government...
BLOG: Poor attack surface management means the threat from targeted ransomware persists
By Jamie MacColl In this blog post, we explain how...

test page 1

Thursday 17th September 2020

test page 1
dklfsjaklsdjfaklsdjflkdf jdffhadkfhadskfsaasf
How to ensure supply chains are cyber proof and secure? – Retail Tech Innovation Hub  press coverage
Covid-19 has caused unprecedented disruption to supply chains, particularly during...
Newcastle University ransomware infection – what happened and why?
By Katharine Palmer Following an incident affecting Northumbria University, Newcastle...
Healthcare cyber security feature comes to retail – Ret@il Technology press coverage
A leading cyber security feature on a health platform used...
BLOG: Ransom-where? The past, present and future of encrypt and leak ransomware operations
By Jamie MacColl In this blog, one of our analysts...
Virtualstock integrates integrates Orpheus Cyber Risk Rating score onto retail platform – Tamebay press coverage
By Chris Dawson August 20, 2020 – 2:24 pm Virtualstock is extending its partnership...
NEW TECHNOLOGY DEPLOYED TO COMBAT CYBER SECURITY THREAT IN RETAIL – press release
Virtualstock integrates award-winning cyber risk technology onto its retail platform...
BLOG: COVID’s Metamorphoses Part V: The regulatory and legislative challenge
By Orpheus Analysts In the fifth part of our series...
BLOG: COVID’s Metamorphoses part IV: insider threats, nation-state cybercrime and cyber security budgets during the “Great Lockdown” Recession
By Orpheus Analysts The fourth part of our series on...
BLOG: COVID’s Metamorphoses part III: Cybercrime during the “Great Lockdown” recession
By Orpheus Analysts The third part of our series on...
BLOG: Beyond the scam: geopolitical implications of the Twitter hack
The breach of Twitter on 15 July was an attempted...
THE LORCA REPORT 2020: MAKING OF AN ECOSYSTEM
Orpheus is featured as an innovator solving supply chain cyber...
BLOG: COVID’s Metamorphoses part II: A world disrupted: the consequences of the “retreat of globalisation” for nation-state cyber threats
By Jamie MacColl In the second part of our series...
BLOG: COVID’s Metamorphoses part I: nation-state activity in the era of vaccine nationalism
By Kit Palmer and Jamie MacColl Orpheus analysts examine one...
BLOG: COVID’S Metamorphoses: a pandemic’s long-term impact on the cyber threat landscape – an introduction to the series
By Jamie MacColl Over the past few months, COVID-19 has...
Which remote access vulnerabilities are targeted by ransomware groups and why? – SC Magazine press coverage
OPINION by Oliver Fairbank and Alex AshbyBEC ransomware tactics can be...
BLOG: Why are big-game hunting ransomware groups targeting remote access vulnerabilities?
The cybercriminal shift towards big-game hunting – going after bigger,...
Orpheus – AI & Machine Learning for predictive cyber risk management
Shining a light: Using AI to Transform Accountancy and Cyber...
WEBINAR: Join the next City and Financial webinar series – Orpheus is on the panel for webinar one 25th June 12pm.
Orpheus’ Head of Analysis Oliver Fairbank is sitting on the...
WEBINAR: Register for our next webinar on 23rd June 12pm.
Join our next webinar with our strategic partner Lorca Cyber...
BLOG – Second Order Effects of COVID-19 on the Attack Surface
  Following our previous research into the second-order effects of...
WEBINAR: Register for our next webinar on 28th April 10.30am.
Join us with one of our strategic partners, 2|SEC Consulting,...
WEBINAR: How Secure Are Your Supply Chains? Join us on 7th May 2020 10am
Click on image above to register for the webinar…
BLOG – COVID-19 response sees increase in potentially exploitable attack surface
Following our previous analysis of the likely cyber threat consequences...
BLOG – Beyond phishing – Coronavirus’ wider impact on the threat landscape
Over the past week, you may have seen multiple articles...
The increasing cyber-threat to the supply chain, and how to secure yours – SC Magazine press coverage
OPINION by Oliver FairbankSupply chain cyber-risk is increasing but by taking...

Orpheus 2020 Forecast

Tuesday 25th February 2020

Orpheus 2020 Forecast
ORPHEUS 2020 FORECASTS With the start of the new year...
Cyber security news round-up – Digital Health press coverage
NHS procurement platform Edge4Health has implemented an integrated cyber security...
Cybersecurity feature integrated to NHS procurement platform – Med-Tech press coverage
The Edge4Health is being rolled out to more than 60 NHS...
New cyber security feature for NHS procurement platform – BBH press coverage
The newly-launched NHS procurement platform, The Edge4Health, now comes with...
SBS adds cyber function to Edge4Health platform – Health Business press coverage
The Edge4Health procurement platform now comes with an integrated cyber...
NHS SBS adds cyber security function to The Edge4Health – UK Authority press coverage
The corporate services provider, which is a joint venture between...
NHS adds supplier security audits to procurement platform – Computer Weekly press coverage
NHS Shared Business Services (SBS) and its cloud platform partner Virtualstock have...
NEW Cyber Security Feature for NHS Procurement Platform, The Edge4Health
The newly-launched NHS procurement platform, “The Edge4Health” now comes with...
Why Diversity is Important in Analytical Teams
Diversity is an important part of every workplace. In a...
LORCA announces largest cohort of cybersecurity innovators
Government-backed innovation programme delivered by Plexal selects 20 companies to...
The Implications of Rising US-Iran Tensions for Businesses
The targeted  assassination of Iranian general Qasem  Soleimani on 3...
A Nasty Surprise in Supplies: Monitoring Your Supply Chain in the Wake of the Travelex Ransomware Incident
On 31st December, as the world prepared for the new...
Digital Health Magazine Cyber Security Round Up
Making it into our round-up of cyber security news this...
Current Cyber Security in NHS Suppliers
Cyber security is a key risk for NHS Trusts and...
Cyber Security in the Healthcare Supply Chain
“Cyber security is a key risk for NHS Trusts and...
Black Friday Highs and Woes: how cybercriminals exploit this season’s best deals
With over 165 million people shopping over Black Friday weekend...
BLOG SERIES: The Balkanisation of the Internet Part IV: From SORM to Sovereign: Russia’s digital surveillance and cybercrime
The fourth part of our “Balkanisation of the Internet” blog...
The Balkanisation of the Internet Blog Series Part III –  Brazil, India, and WhatsApp: A case study for tech decolonisation
In the third part of our Balkanisation series, we address the policies in India and Brazil that are contributing to the process
Hacktivists take Eastern Europe by storm
Two leaks of historic proportions occurred in Eastern Europe this...
The Balkanisation of the Internet Blog Series Part II – The inconsistent application of GDPR
Our analysts discuss the impact of GDPR on the balkanisation of the Internet
GDPR fines take off, highlighting the importance of a threat-led approach
Our analysts discuss the implications of the £183 million fine announced by the ICO on British Airways under new GDPR rules.
BLOG SERIES: The Balkanisation of the Internet I
In the first blog post of our 'Balkanisation of the Internet' series, our analysts introduce the key concept, and discuss the events leading up to the 'Splinternet'
Orpheus selects Alpha Generation as its UK Distribution Partner
Orpheus Cyber uniquely combines government-accredited Cyber Threat Intelligence and award-winning...
Trickle-Treat: How Threat Actors Benefit From the Trickle-Down of Capabilities
Our team analyses the 'trickle-down effect', in which TTPs filter from highly sophisticated actors to less sophisticated ones, and what it means for the threat landscape
Rude Awakening: Dream Market set to shut down
Our analysts discuss the shut down of Dream Market, and the future of similar dark web marketplaces
Hasta la Visa, baby: chatbots gone rogue
Our analysts discussed the innovative cyber threats associated with chatbots.
Orpheus present the CTIPS guide to cyber threat intelligence
Orpheus staff presented at the inaugural meeting of CREST Cyber Threat Intelligence Professionals.
Don’t ex-Spectre media coverage to Foreshadow the most potent vulnerabilities
Data from our collection sources and our repository of intelligence...
Orpheus data shows downward trend in zero-day use in nation-state operations
Data from our repository of intelligence reports (IntReps) has highlighted the extent to which advanced nation-state threat actors are reducing their reliance on zero-day exploits.
Our Tencent(s) on the battle royale to exploit interest in the Fortnite Android app
Cybercriminals have sought to take advantage of the long-awaited release...

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.