Total results: 2488
Page 1 of 100
Filters
Topics
- Cyber Security (461)
- Research (409)
- Consulting (402)
- Technology, general (395)
- Whitepapers (238)
- Computer security (230)
- Technical advisories (224)
- Vulnerability (173)
- Cryptography (126)
- Tool Release (115)
- Hardware & Embedded Systems (113)
- Public tools (107)
- Threat Intelligence (107)
- General Consulting (95)
- Technology (85)
- Public Reports (66)
- Insights & Viewpoints (64)
- Digital Forensics and Incident Response (DFIR) (62)
- Presentations (56)
- Increasing regulatory & legislative requirements (53)
- iSec Partners (52)
- Reverse Engineering (50)
- Tutorial/Study Guide (50)
- Assessments (49)
- Growing threat landscape (45)
- Regulations & Legislation (42)
- Conferences (40)
- Machine Learning (40)
- Cloud Security (39)
- Cloud & Containerization (37)
- Securing our connected future (36)
- Patch notifications (35)
- VSR (32)
- Insight Space (28)
- North American Research (28)
- Uncategorized (28)
- Working life (26)
- Offensive Security & Artificial Intelligence (25)
- UK (24)
- Managed Detection & Response (22)
- Ransomware (22)
- Reducing Vulnerabilities at Scale (22)
- Research Paper (22)
- Transport (20)
- Fox-IT (19)
- Sustainability (18)
- Books (17)
- Detection and Threat Hunting (17)
- Standards (15)
- Third-Party Risk Management (14)
- Emerging Technologies (13)
- Managed Detection & Response (MDR) (13)
- Vulnerability Research (13)
- Gender (12)
- Public interest technology (12)
- Virtualization, Emulation, & Containerization (11)
- 5G Security & Smart Environments (10)
- Artificial Intelligence (10)
- Business Insights (10)
- Gaming & Media (10)
- Inclusion and Diversity (10)
- NCC Conversations (10)
- Operational Technology (10)
- Social issues (10)
- UK Research (10)
- #eachforequal (9)
- Blockchain (9)
- Finance (9)
- Giving Back (9)
- Politics (9)
- Talent and Careers (9)
- Risk Management & Governance (8)
- Corporate (7)
- Cyber as a Science (7)
- Fox-IT and European Research (7)
- General (7)
- Remediation (7)
- Supply Chain Management (7)
- Working Environment (7)
- Crises, Incident (6)
- Data, Telecom, IT (6)
- Engineering (6)
- Health, Health Care, Pharmaceuticals (6)
- MXDR (6)
- Security (6)
- #People - making the world safer and more secure (5)
- Crime (5)
- Government (5)
- Partnerships, cooperations (5)
- Reports (5)
- Telecom (5)
- Annual Research Report (4)
- Awards (4)
- Awards & Recognition (4)
- General data (4)
- IT Consulting (4)
- Law (4)
- Mental Health (4)
- Science, technology (4)
- Threat briefs (4)
- APAC (3)
- Academic Partnership (3)
- Business enterprise (3)
- CYBERUK (3)
- Cars and traffic (3)
- Children, Youth (3)
- Corona (3)
- Data (3)
- Gender equality (3)
- Legacy Systems (3)
- People (3)
- School (3)
- Software Resilience (3)
- Technology Policy (3)
- UK cyber security policy (3)
- USA (3)
- Crime, Law, Legal affairs (2)
- Crises (2)
- Crypto (2)
- DDoS Assured (2)
- Education (2)
- Expert Insights (2)
- Incident Response (2)
- Intern Projects (2)
- Legal affairs (2)
- Microsoft (2)
- Misinformation, Deepfakes, & Synthetic Media (2)
- PCI DSS (2)
- Politics, general (2)
- Public sector (2)
- Resources (2)
- Smart cities (2)
- Social issues, General (2)
- Sustainability/CSR (2)
- Teaching, Learning (2)
- University, University College (2)
- Webinar (2)
- escrow (2)
- future of cyber (2)
- (1)
- ADD (1)
- ADHD (1)
- Adult education (1)
- Alumni Network (1)
- Annual and interim reports (1)
- Asia Pacific Research (1)
- Business enterprise, General (1)
- CTFs/Microcorruption (1)
- Communication (1)
- Current events (1)
- Cyber Advice (1)
- Cyber Talent Development (1)
- Defence issues (1)
- Disclosure Policy (1)
- Economy (1)
- Economy, Finance (1)
- Educational sciences (1)
- Elections (1)
- Energy (1)
- Energy issues (1)
- Finance and Professional Services (1)
- Fintech (1)
- Fraud (1)
- Industry, manufacturing (1)
- Infrastructure (1)
- Investor Relations (1)
- IoT (1)
- LGBTQIA+ (1)
- Law, Justice (1)
- MDR (1)
- MISA (1)
- MVSS (1)
- Managed Detection and Response (1)
- Mental Wellbeing (1)
- Parliament (1)
- Petroleum, Oil, Gas (1)
- Pride (1)
- Radio, TV (1)
- Science, general (1)
- Secure Development Lifecycle (SDL) (1)
- Sentinel (1)
- Services, Consulting (1)
- Society (1)
- Solutions (1)
- Spa, fitness, well-being (1)
- Supply Chain (1)
- Telecommunication, mobile telephony (1)
- Training (1)
- Web services (1)
- collaboration (1)
- computer misuse act (1)
- critical national infrastructure (1)
- cyber resilience (1)
- deepfake (1)
- healthcare (1)
- hospital (1)
- legal (1)
- next generation talent (1)
- protocol_name (1)
- recruitment (1)
- remediate (1)
- remediation (1)
- remote working (1)
- security consultant (1)
- smart tvs (1)
- threatintel (1)
Sectors
- Research (1325)
- News (419)
- Article (261)
- Press Release (115)
- Case Studies (48)
- Financial Services (21)
- Transport (21)
- Public Sector & Government Services (17)
- Tech, Media & Telecoms (15)
- Whitepapers (15)
- Cyber Advice & Insights (13)
- Healthcare (9)
- Events (8)
- Energy & Utilities (7)
- Videos (7)
- Webinars (7)
- Guides & Datasheets (6)
- Retail & Consumer Markets (6)
- Education (5)
- Expert Commentary (5)
- Maritime (5)
- Aviation & Aerospace (4)
- Government Affairs (4)
- Manufacturing (4)
- (3)
- Software Vendors (3)
- Commodities (2)
- Legal & Professional Services (2)
- Infographics (1)
- Software Resilience (1)
Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review
Research Cryptography Public Reports During October 2021, O(1) Labs engaged NCC Group’s Cryptography Services team to conduct a cryptography and implementation review of selected components within the main source code repository for the Mina project. Mina implements a cryptocurrency with a lightweig…
RokRat Analysis
Research Vulnerability Threat Intelligence Tool Release In July 2018 a security researcher named Simon Choi reported that a group, which goes by the name Group123 (also known as APT37 or Reaper), used spear-phishing emails to spread their malicious payload [1]. Shortly afterwards it was revealed tha…
SnapMC skips ransomware, steals data
Research Threat Intelligence Digital Forensics and Incident Response (DFIR) Fox-IT Over the past few months NCC Group has observed an increasing number of data breach extortion cases, where the attacker steals data and threatens to publish said data online if the victim decides not to pay. Given the…
Public Report – Google Enterprise API Security Assessment
Research Public Reports During the autumn of 2021, Google engaged NCC Group to perform a review of the Android 12 Enterprise API to evaluate its compliance with the Security Technical Implementation Guides (STIG) matrix provided by Google. This assessment was also performed with reference to the Com…
Shellshock Advisory
Research Research Technical advisories iSec Partners This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Shellshock Advisory 25 Sep 2014 – iSEC Partners Executive Summary Immediate patches are require…
Rise of the machines: Machine Learning & its cyber security applications
Research Cyber Security Whitepapers “By far the greatest danger of Artificial Intelligence is that people conclude too early that they understand it.” Eliezer Yudkowsky At NCC Group, we are researching Machine Learning (ML) and Artificial Intelligence (AI) from a number of different angles in order…
Local network compromise despite good patching
Research Cyber Security Whitepapers A common misconception by Windows system administrators is that keeping operating systems fully updated is sufficient to keep them secure. However, even on a network which is fully patched and using the latest Windows operating systems, it is often trivial for an…
NCC Group Monthly Threat Pulse – Review of October 2025
Ransomware attacks soar by 41% marking start of ‘Golden Quarter’ Global ransomware volume reached 594 attacks in October marking a 41% increase from September Qilin continues to be the most active threat group, responsible for almost a third (29%) of all attacks Industrials remained the most targete…
Kubernetes Security: Consider Your Threat Model
Research Cloud & Containerization One of the questions that I’ve been asked on multiple occasions when presenting on Kubernetes security [1] is: “Which distribution should I install?” There are a bewildering number of options for deploying Kubernetes, with over 60 commercial products or open source…
Abusing Blu
Research Vulnerability tl;dr In today’s (28 February) closing keynote talk at the Abertay Ethical Hacking Society’s Securi-Tay conference, NCC Group was present and I discussed how it was possible to build a malicious Blu-ray disc. By combining different vulnerabilities in Blu-ray players we have bu…
Masquerade: You Downloaded ScreenConnect not Grok AI!
Tldr; This post will delve into a recent incident response engagement handled by NCC Group’s Digital Forensics and Incident Response (DFIR) team, involving AsyncRAT. Below provides a summary of findings which are presented in this blog post: Initial access via a drive by compromise Use of ScreenConn…
Paradoxical Compression with Verifiable Delay Functions
Research Research Cryptography Research Paper We present here a new construction which has no real immediate usefulness, but is a good illustration of a fundamental concept of cryptography, namely that there is a great difference between knowing that some mathematical object exists, and being able t…
log4j-jndi-be-gone: A simple mitigation for CVE-2021
Research Research Vulnerability Tool Release tl;dr Run our new tool by adding -javaagent:log4j-jndi-be-gone-1.0.0-standalone.jar to all of your JVM Java stuff to stop log4j from loading classes remotely over LDAP. This will prevent malicious inputs from triggering the “Log4Shell” vulnerability and g…
A Guide to Improving Security Through Infrastructure-as
Research Research Cloud Security Tutorial/Study Guide Modern organizations evolved and took the next step when they became digital. Organizations are using cloud and automation to build a dynamic infrastructure to support more frequent product release and faster innovation. This puts pressure on the…
A Census of Deployed Pulse Connect Secure (PCS) Versions
Research Threat Intelligence Today we are releasing some statistics around deployment of Pulse Connect Secure versions in the wild. The hope is that by releasing these statistics we can help to highlight the risk around outdated versions of PCS, which are being actively exploited by malicious actors…
Lessons learned from 50 USB bugs
Research Research Vulnerability Whitepapers USB hosts are everywhere – laptops, TVs, tablets, car infotainment systems, even aeroplane seat-backs. All of these hosts need to understand the capabilities of devices that are connected to them – a process is known as enumeration. It is basically a conve…
NCC Group Monthly Threat Pulse – Review of July 2025
Press Release Threat Intelligence Ransomware levels hold steady in July despite persistent risks Global ransomware attacks remained stable increasing 1% month-on-month in July, with 376 cases INC Ransom was the most active threat group in July, responsible for 14% of attacks Industrials remained the…
SecureIE.ActiveX
Research Public tools SecureIE.ActiveX is a tool to evaluate the ActiveX security settings on Internet Explorer. Prerequisites: Win32 Download Tool NCC Group Publication Archive
RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020
Research Threat Intelligence tl;dr CVE-2020-5902 was disclosed on July 1st, 2020 by F5 Networks in K52145254 as a CVSS 10.0 remote code execution vulnerability in the Big-IP administrative interface. By July 3rd, 2020 NCC Group observed active exploitation. This blog is a summary of what we know as…
SecureCisco
Research Public tools SecureCisco is a product that analyzes several security settings of a Cisco Router. SecureCisco’s analyzer includes over 25 checks for security. Additionally, for each finding, SecureCisco will provide a detailed recommendation with the exact syntax to mitigate any insecure sec…
Pip3line – The Swiss Army Knife of Byte Manipulation
Research Tool Release Here at NCC Group we work with raw bytes a lot! As I couldn’t find a good tool to manipulate, encode and decode easily I set about writing Pip3line a while back. While it has been available for a while as open source I’ve not really discussed it outside of NCC hence this post.…
A deeper dive into CVE-2021
Research Cryptography Vulnerability This blog post discusses two erroneous computation patterns in Golang. By erroneous computation we mean simply that given certain input, a computer program with certain state returns incorrect output or enters an incorrect state. While clearly there are no limit…
Check out our new Microcorruption challenges!
Research Research Hardware & Embedded Systems Tool Release CTFs/Microcorruption New Microcorruption challenges created by Nick Galloway and Davee Morgan Today we are releasing several new challenges for the embedded security CTF, Microcorruption. These challenges highlight types of vulnerabilities t…
Singularity of Origin
Research Public tools Singularity of Origin is a robust and easy-to-use tool to perform DNS rebinding attacks. It consists of a DNS and a web server, a web interface to configure and launch an attack, and sample attack payloads. We plan to support this tool and continue to add features and payloads.…
NCC Group welcomes UK
NCC Group welcomes the announcement of the UK-US Tech Prosperity Deal, a landmark agreement that promises to accelerate innovation across AI, quantum computing, and clean energy, while unlocking significant investment and job creation across both nations. As a global cyber security and resilience sp…