NCC Group

🚦 𝗟𝗲𝗴𝗮𝗰𝘆 𝗶𝘀𝗻’𝘁 𝗷𝘂𝘀𝘁 “𝗼𝗹𝗱 𝘁𝗲𝗰𝗵” – 𝗶𝘁’𝘀 𝗮 𝘀𝘆𝘀𝘁𝗲𝗺𝗶𝗰 𝗿𝗶𝘀𝗸 𝘄𝗲 𝗻𝗲𝗲𝗱 𝘁𝗼 𝗿𝗲𝘁𝗵𝗶𝗻𝗸    In her recent research write-up, Liz J. dives deep into the messy reality of legacy technology in transport; not as outdated artefacts, but as embedded, certified, and often invisible dependencies that shape safety-critical systems. 🔍 What’s inside:   • A three-layer taxonomy of transport tech: Cyber-Physical Systems, Infrastructure, and Support Tooling   • Why traditional IT definitions of legacy fall short in long-lived, regulated environments   • A scoring framework to assess creeping fragility    • Practical use cases for regulators, operators, and planners 💬 This is a must-read for anyone working in transport, infrastructure, assurance, or digital resilience. This thoughtful reflection contextualises the problem in a nuanced way, alongside offering the language and a toolkit to manage it.  🔗 Read the full research article here: https://lnkd.in/e3YVkQjT #transporttech #legacysystems #cyberphysicalsystems #digitalresilience #cybersecurity 

𝐈𝐧 𝐩𝐚𝐫𝐭𝐧𝐞𝐫𝐬𝐡𝐢𝐩 𝐰𝐢𝐭𝐡 𝐃𝐞𝐥𝐢𝐧𝐞𝐚, 𝐰𝐞 𝐡𝐨𝐬𝐭𝐞𝐝 𝐚 𝐫𝐞𝐦𝐚𝐫𝐤𝐚𝐛𝐥𝐞 𝐞𝐯𝐞𝐧𝐢𝐧𝐠 𝐚𝐭 𝐭𝐡𝐞 𝐂𝐡𝐮𝐫𝐜𝐡𝐢𝐥𝐥 𝐖𝐚𝐫 𝐑𝐨𝐨𝐦𝐬!   Last Wednesday night, NCC Group and Delinea brought together cyber security leaders for an exclusive roundtable dinner focused on “The Identity Threat Within: Exposing Gaps Open to Attack.”   From a private tour of Britain’s historic command centre to an in-depth discussion on modern IAM challenges - the event blended history, insight, and peer collaboration.   Key discussion points included: ✅ Detecting and dismantling hidden IAM vulnerabilities ✅ Moving from static to dynamic privileged access ✅ Leveraging AI for faster threat detection ✅ Aligning identity strategy with Zero Trust principles   A huge thank you to our expert speakers: • Derek Gordon, VP Identity & Access Management, NCC Group • 👤 Matt Hull, Global Threat Intelligence Lead, NCC Group • Phil D'Angio, VP Sales Engineering, Delinea   How is your organisation addressing identity fatigue and evolving access controls?   #CyberSecurity #IdentityAccessManagement #ZeroTrust #IAM #ThreatIntelligence #EventRecap

🚨 Are you ready to close the gaps in your cyber strategy? 🚨 From Gaps to Gains: Driving Results with Continuous Offensive Security Cyber threats are accelerating. Traditional, periodic testing cannot keep pace and that means increased risk and unpredictable costs. It’s time to embrace a smarter, continuous approach powered by global threat intelligence, advanced attack simulation, and real-time risk prioritisation. Join NCC Group for an actionable session on how Continuous Offensive Security helps organisations stay ahead in today’s dynamic environment. 🔍 What you’ll learn: ✅ Why periodic testing is no longer enough ✅ How continuous testing accelerates remediation and reduces risk exposure ✅ How to build a compelling business case for 2026 budget and executive buy-in ✅ Real-world examples of cyber strategy transformation and ROI Register now 👉 https://bit.ly/4oSmPEB Alessia O. Jacobo Ros 🏎️Duncan McDonald Don Ward #CyberSecurity #OffensiveSecurity #ContinuousOffensiveSecurity #DevSecOps #PenTesting #CISOs

🚨 𝐎𝐓 𝐂𝐲𝐛𝐞𝐫 𝐭𝐡𝐫𝐞𝐚𝐭𝐬 𝐚𝐫𝐞 𝐚𝐜𝐜𝐞𝐥𝐞𝐫𝐚𝐭𝐢𝐧𝐠 – 𝐢𝐬 𝐲𝐨𝐮𝐫 𝐝𝐞𝐟𝐞𝐧𝐜𝐞 𝐫𝐞𝐚𝐝𝐲?   As IT and OT environments increasingly converge, adversaries are taking advantage of newly exposed gaps and vulnerabilities. From AI-enhanced attack campaigns to custom malware engineered to evade traditional security controls, today’s threat landscape is reshaping how industrial organisations must defend their operations.   Join experts from NCC Group and Dragos, Inc. on 9th December for an exclusive deep-dive webinar exploring the latest cyber trends, TTPs, and real-world attack scenarios seen across industrial environments.   What you’ll learn 💡  ▪️ Latest OT threat actor tactics, common attack vectors and emerging AI-driven methods. ▪️ Key insights from NCC Group and Dragos 2025 Threat Intelligence reporting. ▪️ How to implement the SANS 5 Critical Controls across your OT environment. ▪️ Proven examples of proactive defence strategies from leading industrial organisations. ▪️Live Q&A with 👤 Matt Hull, David Brown and Mark Graham   👉 Reserve your spot today and start building a resilient, intelligence-led OT security strategy: https://bit.ly/4oSnQ05   #OTSecurity #IndustrialCybersecurity #ICS #CyberResilience #ThreatIntelligence #OperationalTechnology #CriticalInfrastructure

🚌 𝗧𝗮𝗰𝗸𝗹𝗶𝗻𝗴 𝗦𝗗𝗩 𝗰𝘆𝗯𝗲𝗿 𝗿𝗶𝘀𝗸𝘀 𝘄𝗶𝘁𝗵 𝗲𝗳𝗳𝗲𝗰𝘁𝗶𝘃𝗲 𝗴𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲 🔐 Managing hundreds of Electronic Control Units (ECUs) across suppliers? Concerned about transport vehicle risks associated with human error from new software releases? Our new case study demonstrates how we’re helping a bus and coach manufacturer implement a robust software release and update process—complete with cross-functional sign-offs, automated cyber checks, and supplier assurance frameworks. This isn’t just about achieving compliance, or governance for governance’s sake—it’s building and securing trust in your future. 📘 Learn more > https://bit.ly/43PDMHB #CyberGovernance #SDV #TransportSecurity #ISO24089 #UNR156 #CyberInTransport #CaseStudy

🔐 𝗡𝗲𝘄 𝗿𝗲𝗽𝗼𝗿𝘁: 𝗔𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗥𝗲𝘃𝗶𝗲𝘄 𝗼𝗳 𝗔𝗺𝗮𝘇𝗼𝗻 𝗘𝗹𝗮𝘀𝘁𝗶𝗰 𝗞𝘂𝗯𝗲𝗿𝗻𝗲𝘁𝗲𝘀 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 (𝗘𝗞𝗦)     We’re pleased to share another example of the deep technical reports our team at NCC Group delivers. Amazon Web Services engaged NCC Group to conduct an architecture-level security review of Amazon EKS, focusing on the platform’s ability to protect Customer Content from unauthorised access – particularly by AWS Operators.    Scope of the review included:   • Evaluation of AWS’s data security design claims around how Amazon EKS is designed in order to prevent AWS employees from accessing Customer Content stored or processed  • Review of AWS's design of Amazon EKS around access control, and operational transparency  • Analysis of the Internal Administrative APIs 𝗞𝗲𝘆 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆: NCC Group confirmed that Amazon EKS’s architecture supports AWS’s claims – including strong enforcement of least privilege, and auditable operational boundaries. No architectural gaps were found that would compromise the stated security posture.  NCC Group's Global Practice Lead, Divya Natesan commented: "𝘕𝘊𝘊 𝘎𝘳𝘰𝘶𝘱 𝘪𝘴 𝘩𝘰𝘯𝘰𝘶𝘳𝘦𝘥 𝘵𝘰 𝘳𝘦𝘷𝘪𝘦𝘸 𝘵𝘩𝘦 𝘢𝘳𝘤𝘩𝘪𝘵𝘦𝘤𝘵𝘶𝘳𝘦 𝘰𝘧 𝘈𝘮𝘢𝘻𝘰𝘯 𝘌𝘒𝘚 𝘵𝘰 𝘷𝘢𝘭𝘪𝘥𝘢𝘵𝘦 𝘈𝘞𝘚’𝘴 𝘥𝘢𝘵𝘢 𝘴𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘤𝘭𝘢𝘪𝘮𝘴 𝘱𝘳𝘦𝘷𝘦𝘯𝘵𝘪𝘯𝘨 𝘈𝘞𝘚 𝘦𝘮𝘱𝘭𝘰𝘺𝘦𝘦 𝘢𝘤𝘤𝘦𝘴𝘴 𝘵𝘰 𝘤𝘶𝘴𝘵𝘰𝘮𝘦𝘳 𝘤𝘰𝘯𝘵𝘦𝘯𝘵. 𝘞𝘦 𝘢𝘯𝘢𝘭𝘺𝘴𝘦𝘥 𝘦𝘢𝘤𝘩 𝘰𝘧 𝘵𝘩𝘦𝘴𝘦 𝘤𝘭𝘢𝘪𝘮𝘴 𝘵𝘰 𝘦𝘯𝘶𝘮𝘦𝘳𝘢𝘵𝘦 𝘢𝘭𝘭 𝘱𝘰𝘵𝘦𝘯𝘵𝘪𝘢𝘭 𝘢𝘵𝘵𝘢𝘤𝘬 𝘱𝘢𝘵𝘩𝘴 𝘢𝘯𝘥 𝘴𝘱𝘦𝘤𝘪𝘧𝘪𝘤 𝘱𝘳𝘰𝘵𝘦𝘤𝘵𝘪𝘰𝘯 𝘮𝘦𝘤𝘩𝘢𝘯𝘪𝘴𝘮𝘴 𝘈𝘞𝘚 𝘩𝘢𝘴 𝘪𝘯 𝘱𝘭𝘢𝘤𝘦.   𝘈𝘮𝘢𝘻𝘰𝘯 𝘌𝘒𝘚 𝘪𝘴 𝘰𝘯𝘦 𝘰𝘧 𝘵𝘩𝘦 𝘮𝘰𝘴𝘵 𝘸𝘪𝘥𝘦𝘭𝘺 𝘢𝘥𝘰𝘱𝘵𝘦𝘥 𝘮𝘢𝘯𝘢𝘨𝘦𝘥 𝘒𝘶𝘣𝘦𝘳𝘯𝘦𝘵𝘦𝘴 𝘱𝘭𝘢𝘵𝘧𝘰𝘳𝘮𝘴 𝘪𝘯 𝘵𝘩𝘦 𝘸𝘰𝘳𝘭𝘥, 𝘱𝘰𝘸𝘦𝘳𝘪𝘯𝘨 𝘤𝘳𝘪𝘵𝘪𝘤𝘢𝘭 𝘸𝘰𝘳𝘬𝘭𝘰𝘢𝘥𝘴 𝘢𝘤𝘳𝘰𝘴𝘴 𝘪𝘯𝘥𝘶𝘴𝘵𝘳𝘪𝘦𝘴. 𝘎𝘪𝘷𝘦𝘯 𝘪𝘵𝘴 𝘤𝘦𝘯𝘵𝘳𝘢𝘭 𝘳𝘰𝘭𝘦 𝘪𝘯 𝘦𝘯𝘢𝘣𝘭𝘪𝘯𝘨 𝘰𝘳𝘨𝘢𝘯𝘪𝘴𝘢𝘵𝘪𝘰𝘯𝘴 𝘵𝘰 𝘴𝘦𝘤𝘶𝘳𝘦𝘭𝘺 𝘥𝘦𝘱𝘭𝘰𝘺, 𝘰𝘳𝘤𝘩𝘦𝘴𝘵𝘳𝘢𝘵𝘦, 𝘢𝘯𝘥 𝘴𝘤𝘢𝘭𝘦 𝘤𝘰𝘯𝘵𝘢𝘪𝘯𝘦𝘳𝘪𝘻𝘦𝘥 𝘢𝘱𝘱𝘭𝘪𝘤𝘢𝘵𝘪𝘰𝘯𝘴, 𝘪𝘯𝘥𝘦𝘱𝘦𝘯𝘥𝘦𝘯𝘵 𝘴𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘢𝘴𝘴𝘦𝘴𝘴𝘮𝘦𝘯𝘵𝘴 𝘭𝘪𝘬𝘦 𝘵𝘩𝘪𝘴 𝘢𝘳𝘦 𝘦𝘴𝘴𝘦𝘯𝘵𝘪𝘢𝘭 𝘵𝘰 𝘮𝘢𝘪𝘯𝘵𝘢𝘪𝘯 𝘵𝘳𝘶𝘴𝘵 𝘪𝘯 𝘵𝘩𝘪𝘴 𝘊𝘭𝘰𝘶𝘥 𝘦𝘤𝘰𝘴𝘺𝘴𝘵𝘦𝘮.   𝘕𝘊𝘊 𝘎𝘳𝘰𝘶𝘱 𝘪𝘴 𝘱𝘳𝘰𝘶𝘥 𝘢𝘯𝘥 𝘷𝘦𝘳𝘺 𝘱𝘭𝘦𝘢𝘴𝘦𝘥 𝘵𝘰 𝘣𝘦 𝘢 𝘱𝘢𝘳𝘵𝘯𝘦𝘳 𝘸𝘪𝘵𝘩 𝘈𝘞𝘚 𝘵𝘰 𝘳𝘦𝘪𝘯𝘧𝘰𝘳𝘤𝘦 𝘤𝘰𝘯𝘧𝘪𝘥𝘦𝘯𝘤𝘦 𝘪𝘯 𝘌𝘒𝘚’𝘴 𝘴𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘱𝘰𝘴𝘵𝘶𝘳𝘦.”   This engagement highlights NCC Group’s commitment to advancing secure cloud-native platforms through rigorous, independent analysis.    📘 Read the full report here: https://lnkd.in/ewPWPbPr #cloudsecurity #kubernetes #AWS #cybersecurity #technicalresearch  

🔍 𝗧𝗵𝗿𝗲𝗮𝘁 𝗶𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝘄𝗲𝗯𝗶𝗻𝗮𝗿: 𝘁𝗵𝗿𝗲𝗮𝘁 𝗵𝘂𝗻𝘁𝗶𝗻𝗴 𝗶𝗻 𝗳𝗼𝗰𝘂𝘀 In our next session, we’re diving into the evolving world of Threat Hunting - what it is, why it matters, and how it integrates with actionable threat intelligence to proactively defend against cyber threats.   Featuring Joshua Mountney (Threat Hunting Senior Manager) and 👤 Matt Hull (Head of Global Threat Intelligence), this webinar will explore:  • The relationship between threat intelligence and threat hunting  • NCC Group’s proprietary threat hunting framework  • Real-world insights into ransomware, threat actors, and geopolitical trends  • How iterative intelligence processes help security teams stay ahead This session will be invaluable for CISOs, threat intel professionals, and security leaders looking to sharpen their proactive defence strategies.   🗓️ 𝟭𝟴𝘁𝗵 𝗡𝗼𝘃𝗲𝗺𝗯𝗲𝗿 | 🕓 𝟰𝗽𝗺 𝗚𝗠𝗧 / 𝟭𝟭𝗮𝗺 𝗘𝗦𝗧   👉 Register now: https://lnkd.in/g9Z_cqf6 #threatintelligence #threathunting #cybersecurity #ransomware #emergingthreats

🚢 Is your supply chain truly secure? Cyber threats are evolving fast - and with 68% of organizations expecting attacks to rise, the pressure is on. The agenda 📊 Research Overview & Key Implications 🤖 Deep Dive: AI in Supply Chain 🏗️ Critical Infrastructure Spotlight ❓ Interactive Q&A Session The State of Supply Chain Security 📅 Thursday, December 4th, 2025 🕒 3:00 PM (GMT) 👉 Reserve your spot now: https://bit.ly/3K2hSKD #CyberSecurity #SupplyChain #RiskManagement #Webinar

At DefCon 33, Viktor Gazdag unveiled a novel proof-of-concept backdoor in Microsoft Fabric – a unified analytics platform that powers services like Power BI, Data Factory, and OneLake. This research explores how attackers can leverage Fabric’s automation and event-driven architecture to stealthily execute malicious code using notebooks and the Activator. The result? A persistent, low-profile backdoor that exploits legitimate platform features. 💡 Key highlights:  • Abuse of Fabric’s event monitoring (Activator) to trigger hidden Python scripts  • Use of service principals and public package repositories for post-exploitation  • Creation of Azure resources like VMs and network rules to maintain access This is a must-read for cloud security professionals, detection engineers, Azure engineers, and anyone working with Microsoft Fabric.   🔗 Read the full article: https://lnkd.in/e4jxtZtG You can also watch Viktor’s talk on YouTube here: https://lnkd.in/evXga7MB #cybersecurity #microsoftfabric #azure #cloudsecurity #DefCon33 #azuresecurity

🌿 Wellbeing day at our Manchester office was a HIT! 🌿 What an incredible day dedicated to mind, body, and soul!   Here’s what we enjoyed: 🎶 Soundbath Sessions 🧘♀️ Office Stretches & Mindfulness – goodbye tension, hello calm 🎨 Clay Modelling  💆♀️ Reflexology & Chair Massages 💬 Inspiring Talk from Luke Ambler at #ANDYSMANCLUB - conversations that truly matter 🍴 Delicious Lunch by Jerk Junction – because wellness includes great food!   A huge thank you to everyone who joined and made the day so special. Here’s to more moments of connection, calm, and creativity! 💚 #WellnessAtWork #ManchesterOffice #MindBodySoul