Blogs on Hexiosec

New ASM Features and Improvements | February 2026

Thu, 26 Feb 2026 00:00:00 +0000

Introduction

February may only be a short month, but the team have still managed to release lots of new features and improvements to Hexiosec ASM.

This month’s new Hexiosec ASM features and improvements include:

A new Web Presence report.
The ability to create and manage API keys in the app.
A series of improvements that make the app, and your data, easier to navigate.
A cross-scan dashboard, currently in beta.

Web Presence report

We’ve added a new report type to Hexiosec ASM. Web presence is a great way to visualise everything you have exposed online, and shows you what a user would see if they browsed to every URL identified on your attack surface.

The Compliance Roadmap: End-to-End Encrypted File Transfer for UK Higher Education

Tue, 10 Feb 2026 00:00:00 +0000

Introduction

As we explored in our previous article on the regulatory landscape for UK higher education data protection, institutions face unprecedented challenges in securing sensitive information while maintaining operational effectiveness. With cyber security threats escalating and regulatory requirements becoming increasingly stringent, higher education institutions need solutions that specifically address their unique needs within the UK’s regulatory framework.

6 Steps to Compliance

A strong compliance posture starts with:

Data classification - Identify what needs protecting; a good question to ask is what would happen if this data were lost or stolen? This might include personally identifiable information (PII) covered by UK GDPR, valuable research data, or commercially sensitive information.
Risk Assessment – Understand the threats to sensitive data, ask questions such as:
- Who would be interested in stealing your data and why?
- What could disrupt or corrupt your data?
- How could the data be lost – what access points are there?
Policy Development - Define how and when data is shared by establishing clear guidelines for what types of data must be shared through secure channels and align with the NCSC’s guidance for higher education [1].
Technical Deployment - Roll out a solution that makes it easier for users to adhere to the policies you’ve defined, than to ignore them. Integrating with existing security frameworks and aligning with broader institutional security policies will reduce friction for users.
Training and Awareness – Ensure staff understand both how to use the solution and why specific security measures are necessary. The ease of use should be emphasised to encourage adoption.
Ongoing Monitoring – Establish oversight processes to ensure consistent use of the solution and to identify any emerging compliance risks. A strong technical deployment stage should make light work of continuous monitoring. The implementation process should prioritise departments handling the most sensitive data while establishing a roadmap for institution-wide adoption.

How Secure File Transfer Solutions Support the Road to Compliance

For higher education and research institutions, securely sharing large files is essential for effective collaboration. This is especially important during the Policy Development and Technical Deployment phases of the Compliance Roadmap.

How End-to-End Encrypted Data Transfer Can Help UK Higher Education Navigate Data Regulations

Mon, 09 Feb 2026 00:00:00 +0000

Introduction

This blog explores the unique regulatory challenges facing UK higher education institutions and how end-to-end encrypted file transfer solutions can address these concerns while enabling secure, compliant data sharing.

The UK higher education sector faces an increasingly complex regulatory landscape when it comes to data protection and information security. With universities handling vast amounts of sensitive data—from groundbreaking research to high volumes of personally-identifiable information (PII)—the stakes for resilient data security have never been higher. The education sector remains a prime target for cyber-attacks, with higher education institutions experiencing security breaches at an alarming rate.

Securing the Academic Perimeter: Attack Surface Management in UK Higher Education

Fri, 06 Feb 2026 00:00:00 +0000

Our previous blog explored the rapidly evolving cyber security landscape faced by UK higher education institutions and the unique challenges of managing their digital footprint. This blog explores what can be done to reduce these challenges and provides tips on how to stay ahead in an unpredictable and ever-changing world.

The Higher Education Security Challenge

UK universities and colleges operate in a particularly challenging security environment. Their networks must balance openness for academic collaboration whilst protecting sensitive research data and student information. Many institutions struggle with:

The Evolving Attack Surface in UK Higher Education

Thu, 05 Feb 2026 00:00:00 +0000

Introduction

This blog explores how the attack surface in UK higher education has evolved, the unique challenges faced by the sector, and why comprehensive attack surface management has become essential for protecting these vital institutions.

UK higher education institutions have become prime targets for cyber attackers over the past several years. With their vast digital estates, valuable intellectual property, and often fragmented security controls, universities and colleges present an attractive and vulnerable target landscape. The 2025 DSIT Cyber Security Breaches survey highlighted this point, reporting that 91% of higher education institutions identified a breach or attack in the past year. [1]

New ASM Features and Improvements | January 2026

Mon, 02 Feb 2026 00:00:00 +0000

Introduction

January — the month when things are supposed to calm down after the Christmas hustle and bustle? Not for us.

Alongside Hexiosec ASM’s new features we’re excited to share this month, we’ve also welcomed a film crew into the office for a behind-the-scenes look at Hexiosec. Stay tuned for upcoming videos where you’ll get insights into our environment and meet members of the team, including our Engineering Team Lead, Lauren Palmer.

Parsing email files in Go

Mon, 26 Jan 2026 00:00:00 +0000

This blog provides some background on the format of two common email file types, and introduces Go modules for the parsing of both. We’ve used the modules to build a tool for inspecting suspicious email files.

Inspecting Suspicious Emails

We have various customers who come to us with a range of questions and problems. A fairly common one is “I’ve got this email and I’m not sure about it”. We previously wrote a short guide on manually inspecting emails, in an effort to help people help themselves. But in some cases we carry out our own checks; so we built a tool to inspect email files.

How to control Microsoft 365's AI features

Thu, 15 Jan 2026 00:00:00 +0000

Every technology company is putting AI into everything, and whatever your opinions whether they should, it is unarguably going to have an impact on security. Focussing on Microsoft 365, this blog covers how you can use Intune to configure what Copilot and Recall are doing on managed Windows computers.

Introduction

I’m not going to add to the litany of blogs that discuss the merits of LLM-based applications in the workplace. In this context it doesn’t matter, as what is clear is that they are appearing in everything. Often without an administrator process to enable or configure them, which is clearly a potential threat to both security and privacy.

Privacy Checks for Email Configuration in Hexiosec ASM | January 2026

Tue, 13 Jan 2026 00:00:00 +0000

Introduction

We’ve added a new layer of insight to your Hexiosec ASM scans: MTA-STS validation. This protocol helps secure email delivery by enforcing TLS, reducing the risk of downgrade attacks. It’s an important part of having a strong email security posture, and in this post we’ll explain why it matters.

When you run a scan of a domain, Hexiosec ASM already has a Mail Configuration check that ensures that anti-spoofing measures are configured correctly. We check for:

Driving Cyber Security Forward: Hexiosec’s 2025 Highlights and What’s Next

Fri, 12 Dec 2025 00:00:00 +0000

As 2025 comes to a close, we’re proud to look back on a year of innovation, collaboration, and progress. At Hexiosec, we always want to help organisations stay secure in an ever-changing digital landscape, and this year we’ve taken big steps forward.

Advancing cyber security through shared innovation

We’ve been privileged to contribute to initiatives that strengthen cyber security across the UK. Here are just a few of the highlights:

New ASM Features and Improvements | November 2025

Fri, 05 Dec 2025 00:00:00 +0000

Introduction

With the festive season now upon us, our Hexmas elves have been at it again putting together another bumper packed stocking full of improvements to the Hexiosec ASM platform, ready for you to merrily unwrap, including:

A cloud connector to ensure complete coverage of your latest cloud assets in Hexiosec ASM.
Details about who sent an invite to join your organisation, and when.
Information about when services were last observed.
Clarification about when services and components you remove will disappear from your scan results in future scans.
Better visibility of scan usage across an organisation’s scan groups for admins.

In addition to these improvements, there have also been exciting developments over on ASM’s sibling product Hexiosec Transfer, taking the secure transfer of sensitive data to the next level, you can read about these upcoming features in our recent blog. Take a look and discover additional ways you can enhance the layers of security around your organisation, with Hexiosec Transfer to help secure your day-to-day operations alongside Hexiosec ASM to understand your online perimeter and the associated risks found.

Improving Email Security Even Further with MTA-STS

Wed, 03 Dec 2025 00:00:00 +0000

Three years ago we wrote about implementing SPF, DKIM and DMARC for email security. This short blog details another email security protection - MTA-STS.

Overview

SPF, DKIM and DMARC all affect the reliability of emails you send and receive, and can help to prevent spam and phishing. MTA-STS is a little different, as it helps control the communication between email servers. Specifically, the enforcement of TLS encryption. As per the relevant internet standard RFC:

Coming Soon - Introducing Three New Ways to Share Data Securely with Hexiosec Transfer

Wed, 26 Nov 2025 00:00:00 +0000

Over the next few months there are big changes coming to Hexiosec Transfer. As our first product to market, Hexiosec Transfer is something we are all extremely proud of; it is secure by design, with true end-to-end encryption at its heart, balanced with a simple user experience that’s easy to adopt.

We’re now expanding its capabilities beyond the peer-to-peer sharing that it focuses on today, to support many more real world scenarios. Our ultimate goal is to help organisations always share sensitive information securely.

Turning Cyber Risk Into An Easy Boardroom Conversation Using NCSC’s CAF 4.0 and Hexiosec ASM

Mon, 24 Nov 2025 00:00:00 +0000

The UK’s National Cyber Security Centre (NCSC) has developed the Cyber Assessment Framework (CAF) 4.0 to help organisations systematically manage and strengthen their cyber resilience.

But how does this help your organisation turn risk into an easy boardroom conversation, minimise costs and justify budgets?

Rob Wright explains how using the CAF with Hexiosec ASM can help…

Introduction: The critical role of the Cyber Assessment Framework (CAF)

In today’s digital landscape, the consequences of cyber incidents can be severe. Organisations responsible for essential services face relentless threats that can disrupt operations, compromise sensitive data, and undermine public trust. Recognising these risks, NCSC has developed the CAF.

As the NCSC Retires Web Check and Mail Check, Hexiosec Has Your Back

Thu, 13 Nov 2025 00:00:00 +0000

Live Webinar

The NCSC’s Web Check & Mail Check Are Retiring - Are You Ready?

Join us Thursday, 5 March, 10:00 am to get practical advice on what to do, and what “good” looks like under the NCSC’s modern EASM model.

At the beginning of November the National Cyber Security Centre (NCSC) announced that Web Check and Mail Check – two components of the UK government’s Active Cyber Defence programme – will be decommissioned on 31 March 2026.

Cyber Security Work Experience: Exploring AI in ASM at Hexiosec

Tue, 11 Nov 2025 00:00:00 +0000

A week in Cyber Security

In late June Hexiosec had the pleasure of hosting Juliette as a work experience student. Fresh from finishing her GCSEs, Juliette was keen to find out about what goes on at a cyber security company. And we were keen to encourage her towards a future in engineering, which is the correct choice, in my correct opinion.

From the outset we wanted to make sure Juliette had an engaging technical challenge, which would give her a genuine experience of working at Hexiosec. We chose a research topic for Juliette, aiming to both challenge her technically and provide useful insight for Hexiosec. Alongside the research we also made sure she met people from across the company, to allow her to find out about all the different roles and opportunities at a company like ours, such as marketing, services, product management, etc.

Minimising the Blast Radius - Why Secure File Sharing Is Critical

Tue, 11 Nov 2025 00:00:00 +0000

Organisations routinely share sensitive information electronically, including with external partners and clients. Many organisations also need to work with contractors and suppliers, such as someone who has temporarily joined the organisation and is working alongside you or an external organisation with whom you are collaborating.

People need to share documents easily to collaborate effectively and avoid delays or drops in productivity. The temptation is to use normal email, but when sending sensitive information, it can end up in the wrong hands. You may then be liable for fines – as seen with Capita’s recent £14 million GDPR fine – or suffer the business impact of others accessing confidential company information.

Cyber Security for Small to Medium Enterprises

Mon, 10 Nov 2025 00:00:00 +0000

Earlier in the year we were invited to talk at an event hosted at UKAS, and organised by them and Red Swan Partners. It was a cyber security event aimed at the Testing, Inspection, Certification and Compliance (TICC) sector, and I talked about cyber security for small to medium-sized enterprises.

As it’s an interesting topic that’s relevant to lots of our customers, I thought I’d turn the talk into a blog post you can reference, along with a downloadable PDF that covers it in full detail.

New ASM Features and Improvements | October 2025

Thu, 06 Nov 2025 00:00:00 +0000

Introduction

In October we continued the theme of the last couple of months by adding more features to help you view and manage risks discovered by Hexiosec Attack Surface Management (ASM). This month I’ll cover:

Created and resolved dates added to the Risks & Actions report
Made the ‘Created At’ field default for risks and actions
Update to the in-scan sidebar for Risk Management

Read on to hear about all this, as well as what else we have coming soon. The team are working on some major new features to perform more checks against your attack surface as well as cloud integrations with our cloud connectors.

Understanding True End‑to‑End Encryption: Why It Matters and How Hexiosec Transfer Does It Right

Mon, 27 Oct 2025 00:00:00 +0000

Some platforms claim end-to-end encryption, but few deliver it.

This blog explores what end‑to‑end encryption really means, why it matters, where some services fall short, and how Hexiosec Transfer achieves it by design.

Many online tools strive to make it easy to share files and data, but this often comes at the expense of privacy; we routinely entrust providers with our confidential documents, assuming they will keep them safe.

End‑to‑end encryption (E2EE) has emerged as the gold standard for protecting these exchanges, but there are misconceptions around what E2EE means, and an increasing prevalence of tools that claim E2EE but which do not deliver on that promise.

New ASM Features and Improvements | September 2025

Tue, 30 Sep 2025 00:00:00 +0000

Introduction

It’s everyone’s favourite day of the month, Hexiosec ASM monthly blog day. Yet another example of how we’re continuously making updates and improvements; a vital quality of an External Attack Surface Management product as noted by the National Cyber Security Centre in their recent blog .

You know the drill, here’s a summary of what we’ve been up to, read on for more details:

Exporting services to a CSV file
EPSS data in Risks & Actions reports
More information on IP Range seeds
Link changes API endpoint
Improved visibility of notable dates for actions

Exporting services as a CSV

This feature is not available to all tiers, please contact us to discuss adding it to your account.

What Is Attack Surface Management?

Tue, 23 Sep 2025 00:00:00 +0000

Update: The UK National Cyber Security Centre (NCSC) has recently released guidance on External Attack Surface Management (EASM) tools. Hexiosec ASM was one of the products assessed, and we were pleased to contribute our expertise to this work. The guide provides useful advice for organisations considering or procuring an ASM solution.

Managing an External Attack Surface

In our previous blog on “What Is an Attack Surface?” we covered what we mean by an online attack surface. Knowing what makes up your attack surface is the sensible first step, but then you have to start keeping on top of it. In this follow-up we provide an overview of one approach to managing an attack surface.

New ASM Features and Improvements | August 2025

Wed, 03 Sep 2025 00:00:00 +0000

Introduction

Reading a previous blog’s introduction, my partner made a wry comment about how surprising it was that the engineering team had been working hard again. I stand by this introduction, it is a fact that the team consistently work hard. This being August, and holiday season in the UK, some of the team have been on leave and therefore not working as much, but that’s allowed, and deserved.

Regardless, the Hexiosec engineering team have had another month of significant features, in this blog we will cover:

Cutting through the noise: Prioritising Vulnerabilities with EPSS

Wed, 27 Aug 2025 00:00:00 +0000

Introduction

Security teams today are inundated with vulnerability data. A single scan can return hundreds of Common Vulnerabilities and Exposures (CVEs), each with its own severity score, technical details, and patching requirements. The challenge isn’t finding vulnerabilities; it’s knowing which ones to fix first.

Traditionally, Common Vulnerability Scoring System (CVSS) scores have been used to sort vulnerabilities by severity. But while severity is useful in understanding potential impact, it doesn’t account for whether a vulnerability is actually being exploited - or likely to be in the near future.

After The MoD Afghan Breach - From Breach to Best Practice Across Government

Fri, 15 Aug 2025 00:00:00 +0000

The recent breach at the Ministry of Defence is a stark reminder of the vulnerabilities that exist within government data handling. While the specifics are concerning, the underlying causes will be familiar to anyone working in public sector IT security.

The MoD breach: A systemic challenge

A spreadsheet containing the personal details of almost 19,000 people was accidentally leaked by an official at UK Special Forces headquarters. The document, intended for a restricted Afghan relocation team, was emailed outside the authorised group and later appeared in the public domain. Names from the list were even found on Facebook months later.

Content Security Policy Implementation Guide - Boarding Pass Required

Fri, 08 Aug 2025 00:00:00 +0000

Content Security Policy (CSP) Implementation guide: Protecting web applications from XSS attacks

Looking to implement Content Security Policy for your website? This comprehensive CSP tutorial covers everything from basic CSP directives to advanced configuration examples, helping you secure your web applications against XSS attacks and other security threats.

Content Security Policy (CSP) is a powerful web security feature designed to prevent a wide range of cyber attacks, including Cross-Site Scripting (XSS), clickjacking, and data injection. It acts as a set of rules that tells the browser what content is allowed to be loaded, and how. By explicitly specifying trusted sources for scripts, styles, media, and other resources, CSP helps developers control the execution environment of their applications, limiting the risk of malicious content being injected and executed. As browsers become more security-conscious and attackers more sophisticated, learning how to implement CSP has become an essential skill.

New ASM Features and Improvements | July 2025

Tue, 05 Aug 2025 00:00:00 +0000

Introduction

The development team has been busy again this month, with a focus on how you assess risk and manage your seed data. Here’s a look at what’s new in Hexiosec ASM this July:

EPSS scores & Risks
Multi-seed imports
Glance at next run date
Additional filters for Risk graphs
CSP changes

Additionally, I joined Hexiosec in July as a Junior Software Engineer! Although it’s only been a month I’ve contributed quite a few features in this blog 😊. Grateful for the team’s support, and excited for what’s ahead in Hexiosec ASM!

No Summer Holidays for Cyber Responders? Why Attackers Love the Summer, and Why the UK Education Sector Should Care

Fri, 01 Aug 2025 00:00:00 +0000

The problem with Summer Holidays

When it comes to cyber-attacks, timing is rarely accidental. And yet every summer, schools and universities are caught off guard; systems are breached, data is locked, plans are disrupted, right as staff begin to switch off. It’s a pattern that’s hard to ignore. These aren’t just unfortunate coincidences. They’re calculated moves by attackers who understand when we’re most exposed, when the lights are on but no one’s watching. The summer break has quietly become peak season for targeting education. The evidence is mounting, and the strategy is clear: hit hard when defences are thin, response times are slow, and the attack surface is quietly expanding in the background.

How We Tested Mobile App Privacy — and What We Found for Which?

Tue, 22 Jul 2025 00:00:00 +0000

This week sees the publication of some more research we’ve done with Which?, aka the Consumer’s Association. This blog provides some background, explains our approach and offers a few technical titbits.

New ICO Guidance Raises App Privacy Questions

Last month the Information Commissioner’s Office released some new draft guidance on privacy for “smart products”. Whilst it doesn’t explicitly mention apps, it does list a range of IoT products that are expected to be used alongside a companion app, so apps are certainly relevant. It’ll be interesting to watch what happens with it.

New ASM Features and Improvements | June 2025

Wed, 02 Jul 2025 00:00:00 +0000

Introduction

June 2025 saw the Hexiosec development team continuing to work on new visualisations and checks in Hexiosec ASM, which we’ll be bringing to you soon. But the team has also released some great new features. Please read on to hear about a few of these, including:

Expandable description rows for risks
Scan complete notifications for all scan types
Support the use of Auth0 for SSO

I will also introduce a change, coming in July, to how we describe the assets found by Hexiosec ASM.

The Hidden Gem: How Flexible Working Kept Me in Tech

Thu, 19 Jun 2025 00:00:00 +0000

This time last year, I was making plans to leave the tech industry for good.

It may sound drastic, but the reason I wanted to walk away was also my reason for wanting to staying: I couldn’t see many (any?) people like me doing what I do (more on this later).

Spoiler alert: I stuck around

Trying to find a part-time job within cyber security was like looking for a diamond at the bottom of the ocean – I’d bet there is one somewhere that someone has lost at some point in time, but even getting eyes on it felt like an almost impossible task. Trying to find one without an on-call rotation, however, did seem impossible (responding to an incident at 2am, having stolen 28 minutes of sleep after finally getting a little one down for the 11^th time that evening has its challenges).

🦄 Being the Unicorn: Reflections for Women in Engineering Day

Wed, 18 Jun 2025 00:00:00 +0000

Hello, I’m Lauren — the Engineering Team Lead here at Hexiosec. For International Women in Engineering Day , I wanted to share a few thoughts on what it’s like being the only woman on our engineering team.

On Being a Unicorn

I often liken being a female engineer to being a unicorn — a mythical creature. Sometimes I feel like an oddity, a rarity. There’s plenty of discussion around encouraging women in STEM and bridging the diversity gap. And while I am fortunate that 25% of my workplace is female, I still often find myself the only woman in the room – especially when leading a team of men.

New ASM Features and Improvements | May 2025

Mon, 09 Jun 2025 00:00:00 +0000

Introduction

In May we’ve reacted quickly to agreements on certificate validity periods by refining the risks we raise against certificates with long validity periods, and we’ve added a brand new asset management page for services.

In this month’s blog, we cover the following:

Changes to risks relating to TLS certificate validity periods
A new Asset Management page for Services
New in-app navigation options

TLS certificate validity period

In May (the 13th to be precise), we updated risks relating to TLS certificate validity periods. It was previously anticipated that a 90 day validity period, recommended by Google, was likely to come into force. To allow organisations to prepare for this, Hexiosec ASM was highlighting certificates with a period longer than this. Based on recent agreements on this topic, the results found by Hexiosec ASM have now been updated to reflect these agreements, and help you resolve certificate risks.

Phishing with Malicious SVG Files

Fri, 06 Jun 2025 00:00:00 +0000

The threat of SVG files

As recently covered by RiskyBiz , attackers sending phishing emails have suddenly discovered what can be done with attaching malicious SVG images. We saw this with a customer last week, so I thought it worth a quick blog.

In our case, five of the more prominent users from one customer organisation all received similar emails, which purport to be a TODO message to themselves, with no body content but with an SVG attached:

New ASM Features and Improvements | April 2025

Sat, 10 May 2025 00:00:00 +0000

Introduction

Throughout April the engineering team were as busy as always, working on a range of updates to Hexiosec ASM, which include improvements to our web application, scan processing, system metrics and testing. To hear about a couple of the features we’ve released in the last month, as well as a couple of other topics, please read on:

This month I will cover:

Updated risk change navigation
An update to our CSP checks
The impact of the CVE programme funding on Hexiosec ASM, or not
An update to Hexiosec ASM’s sibling product, Hexiosec Transfer

Navigating risk changes

When you’re reviewing your scan results and any changes, we want to make it as easy as possible for you to understand what’s changed. You may be reviewing historical changes or you may be reviewing the latest changes prompted by an email notification.

Hexiosec Now on Jisc's Chest Platform

Wed, 07 May 2025 00:00:00 +0000

Hexiosec products now available on Jisc’s Chest platform

Making cyber security simpler, stronger, and more accessible for UK education and research

We’re excited to announce that Hexiosec is now available through the Chest platform — the trusted software and services procurement service run by Jisc, supporting universities, colleges, and research institutions across the UK.

From today, Hexiosec ASM and Hexiosec Transfer can be purchased directly through Chest, giving institutions a faster, more cost-effective way to strengthen their cyber security posture.

Transfer Feature | Secure Multi-Use File Sharing Requests

Tue, 06 May 2025 00:00:00 +0000

Introduction

Hexiosec Transfer allows you to receive files as well as send them, via our Sharing Request feature. This creates a link you can share with someone, enabling them to securely transfer files back to you using our end-to-end encrypted transfer technology.

Sharing Requests work using Public Key Cryptography to agree a secret encryption key with the recipient of your request link. This ensures your transfers remain private to just you, whilst keeping the experience smooth and low-friction for your customers. Files shared with you are accessible for up to 30 days and only by you.

New ASM Features and Improvements | March 2025

Tue, 01 Apr 2025 00:00:00 +0000

Introduction

We have a number of updates to highlight for you this month, ranging from web component detections to user preference improvements.

Read below for details on the following:

Detection of the Hunk companion Wordpress plugin
Configurable user session timeouts (Enterprise)
Improvements to user preferences navigation
‘Last active’ data for organisation users
End of scan actions link
New options to control table data views

Detection of the Hunk Companion Wordpress plugin

In December 2024, a critical vulnerability was discovered for the Hunk Companion Wordpress plugin. It can be difficult to stay on top of the latest vulnerabilities, especially if you can’t monitor the latest cyber security news all the time. Thankfully ASM continuously monitors your public infrastructure for you, alerting you to new risks.

Fixing Golang SSH Authentication Issues in WSL with Git and Private Repos

Wed, 26 Mar 2025 00:00:00 +0000

This post highlights a few problems with the way the Golang - specifically the go get command - works when using private repositories and SSH authentication, alongside the Windows Subsystem for Linux (WSL). This post goes into details of workarounds, as well as some security tips.

TL;DR

Here is a quick overview of the key points to make it all work nicely:

Set an environment variable export GIT_SSH_COMMAND="ssh.exe -i github.com" before using the go get command, making sure to also have a SSH configuration file in place.
Choose a SSH agent to deal with SSH keys with passphrases.
Create a git rewrite rule to force SSH authentication instead of HTTP.
Create an alias to SSH (ssh.exe) inside WSL for general git activity.

The Problem(s)

Well, there are actually a few I wanted to solve. The first is that the go get command doesn’t respect your SSH git configuration, even if you set a ~/.gitconfig file for that repository, or globally. Both are ignored when trying to download a private repo from GitHub, which is a problem for internal projects that rely on some private repos.

New ASM Features and Improvements | February 2025

Wed, 05 Mar 2025 00:00:00 +0000

Introduction

With Spring (meteorological) and the welcome appearance of snowdrops and daffodils almost here for those of us in the northern hemisphere, we have another blog to brighten your day (a little poetic license may be required). We’re always working away on improvements behind the scenes, but here are a few changes visible in the user interface, including:

SSO for Microsoft Entra
Ignoring multiple risks
Resolved dates for actions

Entra SSO for Enterprise and MSP plans

Since writing this blog we have added support for additional SSO providers, see our FAQ for more details.

Why You Should Stop Using Email Attachments (and What to Do Instead)

Wed, 19 Feb 2025 00:00:00 +0000

This article discusses the issues and risks associated with data transfer via email attachments and suggests improvements that organisations can make to help improve their cyber security.

I will start this blog with the rather bold statement ‘We should all stop sending email attachments – right now!’. Now, this is an overly generalised and slightly exaggerated statement, but behind it there are genuine reasons why businesses may want to establish mechanisms and encourage users to minimise the use of email attachments for information sharing – especially with recipients outside of their organisation.

How to Build a WireGuard VPN to Protect Cloud Administration

Tue, 18 Feb 2025 00:00:00 +0000

This blog covers how you can reduce your cloud administration attack surface using a Wireguard VPN in Google Cloud. In a following blog post we’ll build it with Terraform.

Introduction

A popular use of Virtual Private Networks (VPNs) is to provide additional privacy on the traffic leaving and entering a computer. That and watching “video content” restricted to geographical regions. This article is about neither of these.

One of the things we do at Hexiosec is build cloud infrastructure. Creating cloud infrastructure on the Internet means you need to manage it also from the Internet. And this means private, privileged interfaces to your infrastructure are exposed to everyone else on the Internet. As the UK NCSC recommends, avoiding exposing management interfaces reduces your attack surface. One way this can be achieved is by only allowing connections to the management interfaces from a pre-determined list of IP addresses (enforced by the firewall/security rules). But this leaves us with the problem: ‘what if we don’t have a fixed IP to work from?’. This is what that this blog is about. We will build a locked down relay box with a fixed IP address that we securely route our traffic via where we’re working.

The Power Of Attack Surface Management for Asset Discovery

Wed, 05 Feb 2025 00:00:00 +0000

This blog explains what we mean by online assets, why they can be difficult to manage, and how that could impact security. Most importantly, it explores how Hexiosec ASM helps organisations of all sizes discover and manage their online assets.

What are online assets?

Simply put, online assets are resources directly connected to the Internet. For most companies, that means websites and cloud applications and services.

On-premises servers and appliances often host services that are exposed to the Internet - especially VPNs, network appliances, or remote access services. Others are typically only accessible over a local network or an incoming VPN connection.

New ASM Features and Improvements | January 2025

Thu, 30 Jan 2025 00:00:00 +0000

Introduction

There are no January blues at Hexiosec, and certainly not where attack surface management (ASM) is concerned. We have plenty of new features to tell you about this month.

Read on.

Total scan size

To help our MSP customers with clarifying the size and cost of their client’s scans, and indeed to help all our customers understand the size of each scan, there is now a new ‘Size’ value displayed at a few points in the app.

The Power of Automated Asset Discovery Done Well

Mon, 13 Jan 2025 00:00:00 +0000

What is asset discovery?

In cyber security, asset discovery is a foundational process of attack surface management (ASM), also known as external attack surface management (EASM). Asset discovery involves identifying, enumerating and cataloguing all the devices, systems, and software that might be exposed to potential attack from the open internet.

When asset discovery is further combined with the vulnerability detection and vulnerability assessment methods of attack surface management, it becomes truly powerful and allows an organisation to understand what it needs to protect, where vulnerabilities might exist, and how to mitigate the risk of attacks from hackers exploiting those vulnerabilities.

New ASM Features and Improvements | December 2024

Thu, 09 Jan 2025 00:00:00 +0000

Introduction

Happy New Year, and welcome to 2025! We’ve already started planning the updates we’ll be bringing to Hexiosec ASM in the coming year, and we will have some exciting features to tell you about in the coming months, keep watching this blog for future updates.

In the meantime, December 2024 updates included some changes you will already see in the app. We’ve:

included a new asset management page to manage IPs in a scan
made it easier to manage and navigate your organisation’s settings

New IPs page (Asset Management)

To give you more ways to view scan data, such as components and services, we will be adding various new asset management pages to Hexiosec ASM. The first of these new pages is for IP addresses, and means that we have also added a new sidebar grouping for all app pages relating to Asset Management.

How To Prepare For a Safer Christmas

Wed, 11 Dec 2024 00:00:00 +0000

Why is Christmastime a target?

The holiday season is upon us; for many, it is a time for celebration and relaxation after a busy year. Unfortunately, it’s also prime time for cybercriminals.

In December 2023, there was a surge in cyber-attacks, with an increase of 187% for security-related incidents, and a staggering 332% increase in breached records. Cybercriminals are looking to take advantage as businesses wind down for the festive break.

New ASM Features and Improvements | November 2024

Thu, 05 Dec 2024 00:00:00 +0000

Introduction

With the festive season upon us, our Hexmas elves have been busy working on new features, merrily improving the system, and have readied a few treats for our ASM users to unwrap early:

A new credit-based system to manage scan allowances
Added annotations for notable events on the scan timeline charts
Improved identification of seed web presence, with click-through

Scan credits

We’ve made some behind-the-scenes changes to how we manage scan allowances and automate monthly allocations. These, like rescan allowances, are now credits-based. This change won’t impact how ASM is used, or change any existing allowances, but users may notice a few subtle UI differences on the usage page and around the app.

Even Cheaper Private Kubernetes

Wed, 04 Dec 2024 00:00:00 +0000

In a previous blog we showed how to build a cheap Kubernetes project, avoiding some of the bigger costs involved in hosting a cluster. That blog got a lot of attention, so here is a much improved follow-up. In this blog I’ll show how to build an even cheaper and more secure Kubernetes cluster for small projects.

A few years ago now we published a concept for hosting Kubernetes on Google Cloud Platform for less than £20 pcm. It’s fair to say quite a lot has changed since then, but irrespective of resource price increases, a lot of providers still support a generous free tier to help you build up your own expertise in their product offering.

Testing Smart Device Privacy - Our Work for Which?

Tue, 05 Nov 2024 00:00:00 +0000

We worked with Which? (A.K.A The Consumers’ Association) to look at how privacy is (or isn’t) implemented on common smart devices

Introduction

Today sees the publication of the write-up of some research into the privacy of some smart devices that we completed in September alongside Andrew Laughlin at the Consumers’ Assocation (aka Which?).

We’ve worked with Andrew and Which? over the years on various bits of security research, including on smishing, routers and the online attack surfaces of banks and big organisations. Whilst this work was analogous to security testing, this time the we instead were chiefly concerned with user privacy.

New ASM Features and Improvements | October 2024

Thu, 31 Oct 2024 00:00:00 +0000

Introduction

The engineering team are working on some bigger features, and we will bring you updates on these when they are released. In the meantime we’ve got a couple of new UI features to highlight:

Dark mode
Seed searches

In addition, we’ve got some new knowledge base articles to let you know about.

Dark mode

There are some never ending debates in IT and programming, tabs vs spaces, Vim vs Emacs, where to put your curly braces, AI vs If statements, all very important… and dark mode vs light mode is one of those debates. Personally I like both, it depends on the time of day and lighting. As the nights draw in, and a certain day gets closer, one upside is that I’ll get to use the new dark mode setting in Hexiosec ASM.

New ASM Features and Improvements | September 2024

Mon, 14 Oct 2024 00:00:00 +0000

Introduction

The obvious big update from us this month is our rebrand, and the aligning of our product and service offerings under one brand, Hexiosec. But, that isn’t to say we haven’t been busy improving the application, now called Hexiosec ASM (Attack Surface Management).

Rebrand

Our CEO David has written a great blog on our rebrand, the reasons why and the tricky problem of trying to find a unique (and sensible) name. You can read his blog here.

We've Rebranded to Hexiosec

Mon, 30 Sep 2024 00:00:00 +0000

Announcement: We are now ‘Hexiosec’

We’re very excited to announce that as of 30th Sept 2024 we have become ‘Hexiosec’.

Key Facts

Red Maple Technologies Limited has changed name to Hexiosec Limited. Note the legal entity remains the same - this is just a company renaming exercise.

FractalScan Surface has become Hexiosec ASM, or Hexiosec Attack Surface Management in its longer form.

Trebuchet, our secure and private file transfer platform, has become Hexiosec Transfer for our Enterprise customers, though will remain as the Trebuchet for individuals.

New ASM Features and Improvements | August 2024

Tue, 03 Sep 2024 00:00:00 +0000

Introduction

There is lots to share this month - read on to hear about some great features we’ve rolled out in the last month:

Handling for Apache backporting and associated risks
Using the public API to generate and download reports
Showing client-side redirects in the Web Presence page
Highlighting certificates with an validity period of over 90 days

Apache backport handling

We pride ourselves with Hexiosec ASM that the attack surface results we produce are accurate and, despite the fact we operate in a passive manner, represents discovered infrastructure and risks very well. There will always be some challenging scenarios when determining risks, and Apache backports is one of those scenarios, but we now help you manage this.

New ASM Feature - Apache Backports Reporting

Sat, 31 Aug 2024 00:00:00 +0000

Introduction

When building Hexiosec ASM, something we have always felt strongly about is ensuring we present accurate results, which also takes into account factors you can’t see on the surface. Some scenarios can be more challenging than others, especially if it becomes a choice between showing a potentially serious risk or not.

Apache backports (see below) is one such scenario… But we are excited to introduce a new feature in Hexiosec ASM that clearly highlights the impacted risks, and allows you to choose if these risks are included in your scans results.

New ASM Features and Improvements | July 2024

Wed, 07 Aug 2024 00:00:00 +0000

Introduction

This month the engineering team have been busy updating our backend processing and data storage, as well as a number of improvements to your Hexiosec ASM experience. Read on to find out more.

System improvements - weekend maintenance

You may have noticed that we scheduled a period of maintenance for Hexiosec ASM over the weekend of the 20-21 July. This was to enable us to update our system and make some changes in how we processes and store Hexiosec ASM data. The updates have resulted in some immediate improvements to scan times as well as overall performance benefits in the app.

New ASM Features and Improvements | June 2024

Fri, 28 Jun 2024 00:00:00 +0000

Introduction

This month we’ve added improvements to Hexiosec ASM, to help you gain more insights into scan results, and to check the security of your own Hexiosec ASM users.

In this blog we’ll describe how you can now see which of your Hexiosec ASM user accounts have MFA enabled, and how an update to the certificates widget allows you to list which certificates have expired.

Visibility of certificate expiry

An expired TLS certificate or one nearing expiry can impact the security of the domains it is securing, and to protect people browsing the web, most modern browsers will stop users accessing websites which have expired certificates.

New ASM Features and Improvements | May 2024

Fri, 31 May 2024 00:00:00 +0000

Introduction

May has seen some more great additions to Hexiosec ASM with better visibility of your rescan allowances, better management of scan group memberships and weekly confirmation emails for Free accounts.

Better visibility of rescan allowances

The rescan functionality in Hexiosec ASM is now more prominent and it’s easier to see your allowances. Rescans are particularly useful for ad hoc scans, for example, if you are using them for prospecting as part of a pre-sales process that can run for a few months, refreshing the scan results by rescanning can help to keep conversations up to date and relevant. However Hexiosec ASM does support separate rescan allowances across all three scan types.

An Introduction to DORA & How ASM Supports Compliance

Fri, 17 May 2024 00:00:00 +0000

What is DORA?

The Digital Operational Resilience Act (DORA) establishes a unified ICT risk management framework for the EU financial sector, requiring the implementation of technical standards in ICT systems by January 17, 2025. The regulation aims to standardise risk management rules across the EU, ensuring consistent standards and strengthening the resilience of the EU financial system.

Who Does DORA Apply To?

DORA applies to a broad range of financial institutions within the EU, including banks, investment firms, credit institutions, crypto-asset service providers, and crowdfunding platforms. It also covers third-party service providers that offer ICT systems and services to financial firms, such as cloud services and data centres.

New ASM Features and Improvements | April 2024

Mon, 29 Apr 2024 00:00:00 +0000

Introduction

We have released a couple of new, exciting features this month that will help improve your experience with Hexiosec ASM. Simplifying the invites process and improving how IP range seeds are processed will save you time and make sure you get the most out of your scan allowances.

Roles & groups on invites

The Admin or Owner role is required to create and manage invites for new users.

The process of inviting a new user to your organisation has been streamlined, allowing you to select the relevant role and groups for the new user at point of invitation. This makes it quicker and easier to get new users set up.

Managing Apple Devices in Microsoft 365 With Intune

Wed, 24 Apr 2024 00:00:00 +0000

Whilst it might occasionally make you shout and swear, it is possible to manage Apple devices from Microsoft 365 and Intune. This blog covers a crucial part of doing so - managing the connections between Apple and Intune.

Introduction

We’ve previously written a two-part guide on getting started with Intune (part 1, part 2). Part 1 details the pre-requisites for managing Apple devices, and this blog expands on that by focussing on three connectors that you need to keep on top off.

New ASM Features and Improvements | March 2024

Thu, 28 Mar 2024 00:00:00 +0000

Introduction

March has seen lots of usability improvements go into Hexiosec ASM, making it easier for you to navigate around and drill down into the information you want to focus on.

Better guidance when creating new scans

Your Hexiosec ASM plan determines the scope of the scanning you can do, including:

The number of scans you can create.
The number of discovered IPs and domains there are in your scans.

We have improved the guidance when creating scans so you can understand the impact the new scan will have on your limits.

The Rise of Cyber Crime as a Service

Mon, 18 Mar 2024 00:00:00 +0000

Introduction To Cyber Crime as a Service

In today’s digital age, technology and the internet have become an integral part of our lives. However, this increasing reliance on technology has also opened the doors to a new and dangerous phenomenon known as “Cyber Crime as a Service.” This term refers to a model where cyber criminal tools, services, and expertise are made available to individuals or groups for a fee or subscription. It has democratised cyber crime, making it accessible to anyone with the financial means, regardless of their technical skills.

Check Your Business's Email Security: Download Our Essential Guide Now!

Fri, 15 Mar 2024 00:00:00 +0000

Why This Guide is Essential for Your Business

In an era where digital threats are evolving at an unprecedented pace, your business’s email security is the frontline defence against the sophisticated menace of phishing attacks. Whether you’re a start-up or an established enterprise, the consequences of a breach can be severe.

Download the PDF - “Email Security: Protecting your business from phishing attacks”

This guide is your business’s lifeline in the digital realm of email security. Here’s why it’s important to your business:

The Cyber Security Issues Facing The Legal Sector

Tue, 05 Mar 2024 00:00:00 +0000

Introduction

We recently co-hosted a webinar on cyber security in the legal sector with our partners at CloudGuard, and thought it would also be a good topic for a blog. We’ll cover much of the same here: why is the legal sector such a target for attackers, what can we learn from previous incidents, and what does Hexiosec ASM tell us about their attack surfaces.

New ASM Features and Improvements | February 2024

Thu, 29 Feb 2024 00:00:00 +0000

Introduction

With lots of new features underway to be delivered in the coming weeks, February’s Hexiosec ASM releases have seen a big focus on our data quality, and the speed and resilience of the system.

Improvements to performance

We have focused on two areas of performance - the time it takes for scans to run, and the time it takes for scans to load in the app. The main benefit you will see here is your larger scans will now open up much more quickly in the app, so you will be able to start exploring your results much faster.

Using HTTP Security Headers In Web Application Security

Wed, 28 Feb 2024 00:00:00 +0000

Introduction

Learn about HTTP security headers and their importance in web application security in this article. Understand their usage, their role in improving data privacy and mitigating cyber threats, and get practical tips for their proper implementation.

What is HTTP?

The internet operates like a complex maze filled with countless interactions between clients (such as your computer) and servers (which host the websites you visit). To manage these interactions efficiently, we need standardised protocols for communication. This is where HTTP (Hypertext Transfer Protocol) comes in. HTTP defines a set of rules for how clients and servers communicate.

New ASM Features and Improvements | January 2024

Fri, 26 Jan 2024 00:00:00 +0000

Introduction

December saw the launch of the Free Hexiosec ASM account, and after taking some time off for the Christmas break, the team have been hard at work again bringing new features and improvements to Hexiosec.

Free Hexiosec accounts

You can now try Hexiosec for free! This means you can start to understand the basics of your attack surface without spending a penny - all you need is a business email address.

What Is an External Attack Surface?

Wed, 13 Dec 2023 00:00:00 +0000

The current challenge

The IT infrastructure of any online company is quickly becoming more complex, distributed, sprawling and fluid – even for small companies. For large companies, keeping on top of what they have online can become an unmanageable task. As a consequence, too many cyber security incidents are caused by shadow IT, forgotten servers and neglected websites.

A typical company’s infrastructure is progressively spreading out from on-premise and subsidiary networks to the cloud. The increase in home working and remote access requirements also adds complexity. On top of this is the fact that infrastructure is always changing; whether through new resources, new or changed services, or more widespread changes due to company mergers and organisational changes.

What Is Hexiosec ASM?

Wed, 13 Dec 2023 00:00:00 +0000

What is it?

Hexiosec ASM, an Attack Surface Management Solution, is our first product to be released as part of the Hexiosec family. But what exactly is an Attack Surface Management Solution?

In short, Hexiosec is a tool that is used to discover and assess the security of your organisation’s online presence.

Anyone that uses the Internet for any part of their business practices is at risk of cyber security attacks, which are recorded in the media all too often. The effect can cause reputation and customer loss, decline in revenues, loss of competitive advantage, loss of data or exposure, and employees’ inability to be fully productive. Therefore, mitigating against this happening is something all companies need to take seriously.

Analysing IoT Device Network Traffic with VMware Bridge

Tue, 12 Dec 2023 00:00:00 +0000

If you have an IoT device that you want to inspect or analyse, this blog details how to configure a network monitoring setup using a Windows laptop that has two network interfaces (Wi-Fi and Ethernet), VMware and the bridged network feature.

Background

I recently ran into the problem where I needed to build a network interception capability for an IoT device, but didn’t have a spare Wi-Fi USB adapter on hand. Normally I would set up a Wi-Fi network, configure some port forwarding and connect the desired device to it. A few years ago I wrote a blog post about this approach.

New ASM Features and Improvements | November 2023

Wed, 06 Dec 2023 00:00:00 +0000

Introduction

As we head towards the end of 2023, the Hexiosec ASM development team have been very busy continuing to add new features and improvements.

Improved mobile user experience

The power of Hexiosec ASM is in the vast quantity of data that it finds and displays about your attack surface, so in most scenarios using a big screen is going to help you get the most out of it. However there are some scenarios where using Hexiosec on the go is valuable, for example when you’re meeting with customers you may wish to consult their scan overview or kick off a new scan.

Hype or Reality: Will Quantum Computing Break Encryption?

Thu, 23 Nov 2023 00:00:00 +0000

This article explores the relationship between quantum computing and encryption, detailing that while quantum computers could break current encryption methods, this threat is not immediate due to technological limitations. It also highlights ongoing work in creating quantum-resistant encryption to secure our digital future.

Background

Quantum computing has been a topic of interest for technologists, cryptographers, and security professionals for quite a while. The prospect of quantum computers, with their massive computational power, and potential for breaking existing encryption schemes has been a matter of ongoing discussion.

What policies do I need in place as a small business?

Wed, 15 Nov 2023 00:00:00 +0000

If you’re running a small business, you may not have thought about all the policies you must have in place, let alone those you should have in place. As with many things, it’s better to be pro-active, as scrambling to produce a policy document that’s been asked of you from a potential customer, or worse, from an employment tribunal, is not fun for anyone. This blog provides an introduction to the different requirements, and gives some pointers for getting started.

New ASM Features and Improvements | October 2023

Tue, 07 Nov 2023 00:00:00 +0000

Introduction

October has been another busy one for the Hexiosec ASM team, with even more data being added to our public API as well as summary report co-branding.

More discovery data available from the public API

Integrating Hexiosec ASM into your wider toolkit is a great way for your team to work more efficiently. We are committed to continuing to add more data and capabilities to make sure you get the most out of it. Last month we added the ability to get domain information from the API and this month we have also added endpoints for IPs, web presence and out of scope domains. Full details of the new endpoints can be found in our public API documentation.

Vulnerability Identification: Key Concepts And Terms Explained

Tue, 24 Oct 2023 00:00:00 +0000

Introduction

Every day, new cyber threats emerge, targeting organisations and systems worldwide. To manage these threats effectively, it’s crucial to understand the core concepts of cyber security and vulnerability identification systems.

This blog post provides a guide to key vulnerability identification systems in cyber security and explains how they interconnect to manage vulnerabilities. It introduces the following terms:

The Common Vulnerabilities and Exposures (CVE) system
The National Vulnerability Database (NVD)
The Common Vulnerability Scoring System (CVSS)
The Known Exploited Vulnerabilities (KEV) catalogue
The Common Platform Enumeration (CPE) system

Understanding Vulnerabilities and Exploits

At its core, a vulnerability is a flaw or weakness in a system’s design, implementation, or operation that can be exploited to violate the system’s security policy. These can take various forms, such as buffer overflows, injection flaws, and insecure default configurations.

Exploiting DLL Hijacking in Windows Electron Apps

Wed, 18 Oct 2023 00:00:00 +0000

This blog shows how to identify and abuse DLL hijacking vulnerabilities in Windows Electron apps, as well as the process of developing a proof of concept that utilises DLL proxying. Here we use the Bitwarden Desktop app as an example Electron application, but note that this vulnerability may apply to all Electron apps, including 1Password, Slack, Discord, WhatsApp, Microsoft Visual Studio Code, Microsoft Teams, and many others.

NOTE: If users are concerned about this issue with Windows applications installed in single user mode, they can uninstall the app and reinstall it for “Anyone who uses this computer (all users)”, which requires admin rights. When installed for “all users”, Windows itself has more stringent security controls about replacing DLLs and disallows this behavior.

ASM: The Missing Piece In Your Cyber Security Strategy

Fri, 06 Oct 2023 00:00:00 +0000

Introduction

Learn how Attack Surface Management (ASM) improves cyber security by offering a comprehensive perspective on potential entry points. If these are not correctly identified and remediated, they could be exploited by attackers.

The overlooked importance of ASM

In cyber security, organisations often face the challenge of selecting suitable tools to integrate into their defence strategy. One crucial component that is frequently overlooked is Attack Surface Management (ASM), also known as External Attack Surface Management (EASM). ASM plays a vital role in identifying vulnerabilities and minimising the risk of cyber attacks. Simply put:

New ASM Features and Improvements | September 2023

Mon, 02 Oct 2023 00:00:00 +0000

Introduction

With many of the team coming back from summer holidays this month, we’ve been pushing forward with new features to improve your Hexiosec ASM experience.

Discovery data from the public API - Domains

The Hexiosec ASM public API already provides you with the ability to create and manage scans, manage your organisation’s groups and obtain the details of action’s and their risks.

As a first update to start providing discovery data over the API, you can now use the public API to get in-scope Domains (and linked information) from a scan. This will allow you to extract discovery data from Hexiosec for integration with your own systems or 3rd party applications.

Scanning All UK Local Authorities - Our Work With The CCoE

Mon, 02 Oct 2023 00:00:00 +0000

The mission

Our mission is to help protect citizens and businesses from cyber-attacks, and so we are delighted to have partnered with the Cyber Centre of Excellence (CCoE) to use Hexiosec ASM to measure and assess the cyber risk of all 382 local authorities across the UK.

The CCoE are very forward-looking and a fantastic resource for the public sector. From their website:

The Cyber Centre of Excellence (CCOE) is an initiative aimed at all local authorities and UK public bodies to help them stay abreast of cyber threats and give them access to military-grade protection at high street prices.

Getting Started with Microsoft Intune - Part 2

Wed, 27 Sep 2023 00:00:00 +0000

The first part of this blog introduced device management and some of the Intune basics. This follow-up covers all the initial setup required for getting Intune deployed.

Setup

Intune is all managed from the Endpoint Console, which as per usual, has a new UI coming out. There’s also device-related panels in the main admin page, the security pages, and AzureAD/Entra. The following sub-sections list most of the important parts of the various consoles.

Getting Started with Microsoft Intune - Part 1

Thu, 14 Sep 2023 00:00:00 +0000

A recent report has confirmed what many of us suspected: unmanaged devices are still very common amongst many companies around the world. For those on Microsoft 365, the native option for device management is Microsoft Intune, which comes with some Microsoft 365 licenses. This two-part blog details all the basic and intermediate things you’ll need to know to get started with Intune, but still only covers a proportion of all that Intune can do.

New ASM Features and Improvements | August 2023

Mon, 04 Sep 2023 00:00:00 +0000

Introduction

August has been another busy month for the Hexiosec ASM team, with yet more improvements to our software component detection, and a new Domains export function added.

Improved component detection on websites

Hexiosec ASM can reveal the technology stack of any website including frameworks and JavaScript libraries. We have made improvements to Hexiosec ASM’s technology profiler which performs this task. The technology profiler now searches for over a thousand technologies. With increasingly thorough component detection, Hexiosec ASM is able to identify a broader range of risks for vulnerable software components that are present on websites.

Microsoft 365 Email Protections Settings For Administrators

Wed, 23 Aug 2023 00:00:00 +0000

Following on from our first blog on how to inspect suspicious emails, this part looks at what Microsoft 365 administrators can do to prevent suspicious emails getting to users in the first place.

Introduction

From an administrator’s perspective, when it comes to security protections email is still complicated to properly set up.

As with many areas of cyber security, there are a raft of expensive options for enterprises but not so much within the budget of smaller companies. Of course, there are relatively expensive options for enterprise email security from Mimecast, Proofpoint, Symantec et al. All these applications can be effective, but anecdotally do require regular administration and can annoy users.

How to Safely Check Suspicious Emails

Thu, 10 Aug 2023 00:00:00 +0000

Ever received an email but weren’t sure if you could trust it? Of course you have. This blog provides some easy and then (moderately) technical instructions for inspecting a suspicious email. In the second part of the blog, we focus on what Microsoft 365 administrators can do to limit the amount of dodgy emails users get in the first place.

Introduction

Everyone in the world, if they have an email account, has probably received a suspicious email. For regular users, it’s often hard to know when to trust an email, and people can be torn between not wanting to miss something important and not wanting to make a cyber security mistake.

Hexiosec ASM Is Now Available Through Emerge Digital

Tue, 08 Aug 2023 00:00:00 +0000

We are thrilled to announce the partnership between Hexiosec and Emerge Digital, bringing enterprise-grade attack surface management to their SME customers.

As a managed service provider Emerge Digital are committed to ensuring the cyber security of their customers, and the addition of Hexiosec to their OnyxSecure product suite further strengthens their commitment to protecting their customers’ most valuable assets.

The inclusion of Hexiosec opens up new capabilities for Emerge Digital, with continuous scanning allowing them to proactively address issues for their customers and reduce their vulnerability to cyber-attacks.

New ASM Features and Improvements | July 2023

Tue, 01 Aug 2023 00:00:00 +0000

Introduction

We’ve had another busy month at Hexiosec ASM HQ improving our data and user experience in the ASM platform.

Additional data & filtering on the Domains page

The Domains page is a really useful way for people to see what domains they actually have publicly visible on their attack surface. We’ve added some extra data to this view to make it even easier to manage. This includes:

DNS destination - the IP addresses or domains listed in the DNS record for the domain.

New ASM Features and Improvements | June 2023

Sat, 01 Jul 2023 00:00:00 +0000

Introduction

June has been an exciting month for Hexiosec ASM, we’ve introduced the ability to create new scans via the public API, as well as the launch of our Documentation site.

Create a scan via the public API

Before now, our public API was just a great way to get data for your scans on Hexiosec ASM in an efficient way. Now you can start new scans too.

The API endpoints are fully documented in our API documentation, but in summary there are three steps you need to take to create a new scan, similar to the UI journey you will already be familiar with:

Setting up Guest Account Access in Microsoft 365

Thu, 22 Jun 2023 00:00:00 +0000

Introduction

Guest access in Microsoft 365 is a great way of securely collaborating with people outside of your organisation. You can share and collaborate on files, and chat in Teams, all while keeping control of your data inside your tenant. But there’s a clear security risk in letting anyone with an email address get to your organisational data. This blog runs through the steps required to configure guest access with sensible security options.

The MOVEit Hack - The Insecurity of Security Products

Mon, 12 Jun 2023 00:00:00 +0000

A short blog on the MOVEit hack that’s still in progress, but has already affected a number of large organisations in the UK.

The Incident

So what’s the problem? It’s a critical zero-day vulnerability in MOVEit, which is a file transfer application that runs from a locally installed server (there is also a cloud version, which is unaffected by this issue). The vulnerability, which is a SQL injection leading to full database access, is being tracked as CVE-2023-34362. There is already a patch for it, as there is for some new SQL injection vulnerabilities found during a security review that followed the previous issue, and was disclosed over the weekend.

Hunting for Bitwarden master passwords stored in memory

Thu, 08 Jun 2023 00:00:00 +0000

A blog post on how I was able to identify unknown master passwords stored in the memory of the Bitwarden web extension and desktop client, after a vault has been locked. I also cover the decisions made for developing a proof of concept to automate the process of extracting potential passwords.

TL;DR

It is possible to identify unknown Bitwarden master passwords in memory, even after a vault is locked. We developed a proof of concept tool, called BW-dump, that works on Windows platforms. It was tested with Bitwarden desktop app version (2023.2.0).

New ASM Features and Improvements | May 2023

Thu, 01 Jun 2023 00:00:00 +0000

Introduction

May has been another busy month for the Hexiosec ASM team, with lots of new features and improvements being delivered.

This includes a new report type with more detail on your actions, risks and assets, and “Checks” showing you details of what Hexiosec ASM is checking for.

See what Hexiosec ASM is checking for

One of the reasons companies invest in attack surface management tools is to have peace of mind that their company is being monitored for vulnerabilities.

Simplify Your Cyber Risk Management with Actions

Fri, 26 May 2023 00:00:00 +0000

The first step when looking to improve your cyber security posture is understanding the risks you are vulnerable to, but once you have visibility of these risks, you then need to plan how to tackle them.

Hexiosec ASM’s powerful Actions feature helps you to understand and prioritise the actions you need to take to improve the security of your attack surface.

What is an Action?

As the name suggests, an ‘Action’ is a thing you need to do to resolve one or more risks against your attack surface. Instead of just giving you a long list of risks for you to investigate, Hexiosec groups your risks together based on the resolution required and the domain or IP address the risks are against.

NIS Regulation Changes Impact On Managed Service Providers

Tue, 09 May 2023 00:00:00 +0000

Introduction

With the ever increasing the number of cyber attacks resulting from vulnerabilities within the supply chain, the UK Government are planning to widen the scope of the NIS Regulations to include Managed Service Providers (MSPs). This blog takes a look at the specifics and what this all means for MSPs in the UK.

What are the current NIS Regulations?

The UK Network and Information Systems (NIS) Regulations 2018 derive from EU law and were enacted into law in May 2018. They aim to set a high level of cyber security for providers of critical infrastructure and essential services, and they provide a legal framework on which service providers can be held liable for not complying - up to £17M depending on the severity of the impact or potential impact.

New ASM Features and Improvements | April 2023

Wed, 03 May 2023 00:00:00 +0000

Introduction

April has seen the introduction of change notifications into Hexiosec ASM, alongside a number of other improvements. Keep reading to find out more.

Change notifications

For your continuous Own Asset or Third-Party Monitoring scans you can now set up notifications to alert users in your organisation to key changes between the iterations. Change notifications can be set up to alert you of:

Newly identified risks with a given severity.
Risks that are no longer present with a given severity.
Newly discovered domains.
Domains that are no longer discovered.
Newly discovered IPs
IPs that are no longer discovered

By default, you will receive change notifications for new & removed risks, severity high or above. What you get notified of can be varied by scan type, meaning you can have different alerts for scans of your infrastructure to those of any third parties you are monitoring.

Get The Most Out Of Your Hexiosec ASM Notifications

Mon, 24 Apr 2023 00:00:00 +0000

Hexiosec ASM supports a number of notification options to help you manage your attack surface effectively. This guide will give you an overview of the options you have and some tips to help understand your results.

Hexiosec ASM supports 3 types of email notifications:

There are changes in your scan results
A scan you have run has completed
A report you have generated is ready

Scan Changes notifications

Most people won’t have the time to study their attack surface scan results in great detail every day. Hexiosec ASM allows you to set up notifications to be alerted to any changes to your scan that are important to you.

New ASM Features and Improvements | March 2023

Tue, 04 Apr 2023 00:00:00 +0000

Introduction

March has been a significant month for Hexiosec ASM, seeing the launch of our public API, amongst many other great new features. Read on to find out more.

Public API

Hexiosec ASM now has a public API available allowing you to programmatically access your scan data. Using your existing Hexiosec login, you can easily generate an API key to start accessing your data.

Data available via version 1 of the API includes:

New ASM Features and Improvements | February 2023

Tue, 28 Feb 2023 00:00:00 +0000

Introduction

February has been another month of adding great new features and updating existing functionality. Read on to find out more.

A big new feature: “Actions” - which group risks into actionable tasks

Scans will now create “Actions”. Actions group together risks into actionable items that you can track. For example, Hexiosec ASM may detect lots of Content Security Policy (CSP) risks associated with a particular website and will create a single Action to group these together.

Hexiosec ASM Used for Which? Banking Survey

Fri, 10 Feb 2023 00:00:00 +0000

We’ve worked again with Which? (aka the Consumers’ Association) to undertake an in-depth study into the cyber security posture of the UKs leading banks, focussing specifically on their online and app security.

Use of Hexiosec ASM for the study

Our consulting team used Hexiosec ASM extensively for this study, to automate what would otherwise have been a very laborious task of online asset discovery (often call ’enumeration’), and the matching of finding against known vulnerabilities and configuration errors.

New ASM Features and Improvements | January 2023

Thu, 09 Feb 2023 00:00:00 +0000

Introduction

Hexiosec ASM’s development team have started 2023 with some great new features and updates to existing functionality. As well as updates available now, we have some exciting new features in progress, which you can expect to see soon. Read on to find out more.

Risks over time

Being able to see how many risks there are over time provides an important insight into the state of your infrastructure and can highlight significant changes and trends. Hexiosec ASM already provides risk counts in the reports it generates, and this is also now available in the app.

Identifying Vulnerabilities In Boa Web Servers

Wed, 08 Feb 2023 00:00:00 +0000

The Boa web server - what is it?

The Boa Web Server was discontinued in 2005, but was a popular web server embedded in IoT devices to access configuration settings.

Why should we be concerned?

Microsoft recently did a survey (Vulnerable SDK components lead to supply chain risks in IoT and OT environments) and found over 1 million Boa web servers exposed on the internet. This is even more concerning given Boa has vulnerabilities that won’t be patched, including:

Testing The Cyber Security Of UK Banks With Which?

Tue, 07 Feb 2023 00:00:00 +0000

Every year the consumer organisation Which? undertakes in-depth testing on the cybersecurity posture of the UKs leading banks. From established high street names to new online-only services, the report aims to give consumers a clear picture on how seriously these companies take their cybersecurity.

Hexiosec have provided Which? with technical cyber security expertise on a variety of reports and tests over the years, so we were more than happy to conduct the testing for this article; and of course, much of the online discovery and analysis work was automated using our own attack surface scanning platform Hexiosec ASM.

Discovering Vulnerabilities In The Iris Mobile App & API

Mon, 09 Jan 2023 00:00:00 +0000

Affected products

The Iris mobile app from Crocus, version 1.3.7 and related backend API (iris-api.crocus.co.uk).

It’s available on the Apple App Store and the Google Play Store.

Note: all issues mentioned in this advisory have now been fixed.

Risk

Leakage of Personally Identifiable Information (PII), specifically email addresses and full names of all registered users. The only requirement is having a registered account, or more specifically, a valid authorization bearer token.

Summary

We found four issues found with the app and its backend API:

New ASM Features and Improvements | December 2022

Fri, 06 Jan 2023 00:00:00 +0000

Every month we strive to make Hexiosec ASM even better and December was no exception. Our team of engineers added some exciting new features to improve the performance and usability of the product, especially for those looking for greater control over their scans.

Scan creation and scan types

When creating a scan, we have made the scan types and quotas available to you clearer.

You can now see your credit balance, as well as the types of scans available for your organisation depending on your objective (The available options will depend upon your subscription type).

New ASM Features and Improvements | November 2022

Wed, 07 Dec 2022 00:00:00 +0000

As always and in the lead up to the festive period, the team have been working hard adding new features to Hexiosec ASM. It’s been great for us to engage with our growing user base and understand their needs and how different people interact with the application. This allows us to really focus our engineering time in the most effective way and make sure we’re continuing to improve Hexiosec ASM.

A lot of the engineering effort this month has been focussed on updates and efficiencies for how Hexiosec gathers and processes data, so improvements you won’t directly see in the application but will be improving your experience.

Go Big Int (or go home)

Wed, 30 Nov 2022 00:00:00 +0000

This blog exists largely because I was pleased with the title. But also because there aren’t many resources or examples of doing things with the big number library in Go.

What is it?

The math/big package implements three types, big.Int, big.Float, and big.Rat (for rational numbers) for “arbitrary-precision arithmetic (big numbers)”, as well as a bunch of useful functions for working with big numbers. See the documentation here.

If you’re doing anything with properly big numbers, like those found in cryptographic primitives, you can’t avoid using them. But they are somewhat idiosyncratic, and require a different way of doing even basic operations.

Parental Protections Pose Problems for PlusNet Pixel Patching

Mon, 28 Nov 2022 00:00:00 +0000

If you have got yourself a nice new Pixel 6, and happen to be on PlusNet broadband, have you noticed that the update feature doesn’t work? That happened to me, and with a bit of technical investigation I figured out the problem: It’s PlusNet’s parental control filtering.

The Pixel Problem

After having my Pixel 6 device for a number of months, I was chatting with a colleague and we happened to get onto the exciting topic of Pixel 6 updates. I was surprised to discover that my device had not installed any updates since I purchased it a number months ago, despite updates being available and pushed out by Google. My phone knew that updates were available, but seemed unable to download the update package, as shown in the screen recording below.

Are Big Companies Getting Email Security Right?

Mon, 21 Nov 2022 00:00:00 +0000

We recently wrote a guide into the basic email security configuration, which includes SPF, DKIM and DMARC. Good practice for all three is well established, and making a mistake could affect how reliably email from your domain is received by the intended recipients. So how well are big companies doing at getting it right? This blog covers some survey research we completed, which shows big companies are far from perfect

Overview

We have our own tool, written in Go, for grabbing and inspecting a given domain’s email configuration. We use it for consultancy, and it’s now integrated into Hexiosec ASM:

New ASM Features and Improvements | October 2022

Tue, 01 Nov 2022 00:00:00 +0000

Unlocking the power of Hexiosec ASM for many!

We have been working hard over the past month making Hexiosec ASM, our attack surface management product, even better with lots of features and improvements throughout the app.

In particular, we have focused on making Hexiosec even more useful for those who make and manage many different scans. This includes a wide variety of users who have a need to understand the cyber risks and attack surface across their own online assets, third-party vendors, potential customers, or portfolio of businesses.

1 Million Websites - How Many Use Security.txt?

Wed, 26 Oct 2022 00:00:00 +0000

A standard way of publishing security points of contact is now a formal internet standard. If widely adopted, it would make it much easier to report potential security issues and vulnerabilities to companies. Interested in current adoption, we completed a survey to track usage in the top-million sites (Tranco list) on the Internet, top stock market (FTSE 100 and S&P 500) companies, and lastly, several UK financial firms.

TL;DR

If you already know all about security.txt files, head straight to the survey for the full results. Or if you are more interested in the tool, head over to the download section, which also includes the CSV survey data. Otherwise, keep reading.

Testing 25 of The Biggest UK Consumer Brands for Which?

Thu, 22 Sep 2022 00:00:00 +0000

Working with Which? (aka the Consumers’ Association), we used our new tool Hexiosec ASM to survey the online attack surfaces of 25 big UK companies across five different sectors. You can read the Which? article here, which puts the findings into context for consumers; we wanted to provide some more technical details on our approach and the findings.

Background

We’ve worked with Which? before, on spam text messages and reviewing ISP routers, so when Andrew asked if we could help with a new piece of research we were keen to help out. This was not paid work for us; we are happy to partner with Which? on important investigations, and it was a great opportunity to test our tool on some big companies.

New ASM Features and Improvements | September 2022

Fri, 09 Sep 2022 00:00:00 +0000

Hexiosec has been updated!

We are continuously adding new features and improvements to Hexiosec. Here’s a summary of what has been added over the last 2 months:

The scan dashboard has been replaced with the new and improved scan overview page.

You can now contact us inside the app. Want help with your scan or spot a problem? Get in touch easily.

We’ve been updating our remediation wording to be more helpful when reviewing a risk.

You now have more control over domains hosted on Content Delivery Networks (CDNs), making it easier to hide risks linked to IPs managed by a third-party.

Didn’t mean to delete your scan? No problem, you can now restore scans.

Getting started with the Windows Sandbox

Wed, 07 Sep 2022 00:00:00 +0000

Want to see where that dodgy link goes, install a temporary application or inspect a suspicious file? If you’re on Windows, if you enable the Sandbox it’s the perfect tool.

What is it?

Windows Sandbox is a convenient, pre-installed and licenced virtualised version of Windows. You can launch it, do what you want, and when you close it it’s all gone:

As the documentation says:

How Secure Is Your Supply Chain?

Thu, 01 Sep 2022 00:00:00 +0000

A ransomware attack on an NHS supplier has shown once again the damage an insecure supply chain can cause to organisations of any size.

On August 4th, 2022, service provider Advanced identified a ransomware attack against its infrastructure, taking offline vital services for the NHS including medical notes, patient check-ins and the NHS 111 services across a variety of regions.

Nearly 4 weeks on, NHS services are still having to use pen and paper to track vital patient information with this data then manually entered into the system. This extremely inefficient method is causing massive choke points in NHS services, with staff reporting it could take 6 months to manually enter the data.

Protect Your Domains From Email Spoofing & Phishing Attacks

Wed, 24 Aug 2022 00:00:00 +0000

The UK National Cyber Security Centre recently published a comprehensive guide on tips to protect government domains that don’t send emails from being used to conduct spoofing or phishing attacks. However, as good as the information is, there is always room for improvement…

Protecting Subdomains

The advice does provide a great summary of how to address a spoofing issue that many IT security staff may not have previously thought about. However, in the latter section, it says:

Email Security Basics - Ensuring Deliverability

Thu, 11 Aug 2022 00:00:00 +0000

It’s 2022, and even with all our technological advancements it’s still quite hard to properly configure sending emails from a domain. Whilst some services handle everything for you, many companies will have to manage some part of their email setup themselves. This typically means DNS records for SPF, DKIM and DMARC.

Whilst this only means three simple text entries with your domain registrar, it’s still quite easy to make a mistake. And doing so could affect whether people receive your emails, and how your cyber security is rated. This blog covers all three protocols, and provides tips and advice on how to set them up.

Analysing Mobile App Network Traffic with mitmproxy and StrongSwan

Wed, 27 Jul 2022 00:00:00 +0000

A how-to guide on setting up a StrongSwan IPSec (IKEv2) VPN server with mitmproxy to securely monitor and intercept HTTP/HTTPS network traffic, which aids mobile app analysis for both Apple and Android devices.

Introduction

What is StrongSwan?

StrongSwan is an open-source IPsec/IKEv2 Virtual Private Network implementation that uses strong encryption standards and authentication methods. It is supported by most modern OSes, such as Linux, Unix, Windows, macOS, and more. At Hexiosec we previously used it for our own hosted VPNs, including a monitored VPN service.

Avoiding MFA Mistakes With Microsoft 365

Tue, 03 May 2022 00:00:00 +0000

Confused by all the options for Multi-Factor Authentication on Microsoft 365? You’re not alone, it’s a common cause of security issues. But don’t worry: we tested three of the different options, so you don’t have to.

Background

The Threat

We really shouldn’t have to explain this any more, but Multi-Factor Authentication (MFA) is the best defence against account compromise, and can reduce the importance of passwords. You could even argue that MFA is more important than passwords, something we discussed in a previous blog. Whilst those in security or IT may be bored at having to evangelise MFA, unfortunately adoption is still no-where near where it should be.

Preventing S3 Bucket Misconfigurations in AWS

Mon, 28 Feb 2022 00:00:00 +0000

This article discusses cloud storage buckets, highlighting potential consequences of bucket misconfiguration. It also demonstrates a real-world example of how easy it can be to accidentally enable public bucket access in a manner that is not obvious to the un-trained eye.

Cloud providers such as Amazon AWS, Google Cloud Platform and Microsoft Azure have seen phenomenal growth over the last five years, as many organisations make the transition to cloud from on-prem hosted services.

Cyber Security Resolutions for Business Owners

Tue, 04 Jan 2022 00:00:00 +0000

It’s a new year, but in cyber security nothing much has changed. You probably still need to be concerned about phishing, ransomware, data loss and shadow IT. So why not start the year well, and add freshening up your cyber security to the list of resolutions, somewhere in between exercising more and drinking less?

I: Freshen up account security

How long until the first big account breach of the year? Sadly it’s probably not very long. Unless all of your team’s online accounts are in a good state, then there’s likely some updating to do. Everyone should make sure that all important passwords are complex, unique and stored in a password manager, and strong Multi-Factor Authentication (ideally using an authenticator application or hardware token) should be turned on for every account that’s important to the business.

Key Decisions to Increase Start-Up Success

Mon, 13 Dec 2021 00:00:00 +0000

Having a great idea is only the first step for a start-up. Some of the early technical decisions that have to be made early on could be the difference between a rapid rise or a quiet failure.

IONOS Digital Transformation Case Study

Thu, 09 Dec 2021 00:00:00 +0000

One of our digital transformation projects was recently released as a case study by IONOS, our UK/EU hosting partner.

Lessons for Securing Your Microsoft 365 Mailboxes

Mon, 29 Nov 2021 00:00:00 +0000

We recently helped a customer with an interesting, tricky Microsoft 365 mailbox hack. Thankfully there were no serious consequences, but there were some lessons to learn

Introduction

An existing customer recently recommended us to a supplier of theirs who recently had a near-miss cyber security incident. They fortunately happened to notice something odd in their inbox - the bank account details on an invoice had changed. Clearly in this instance it paid to be eagle-eyed, but as we know from the stories of BEC, many aren’t so lucky.

The Value of Small Teams for Optimised Efficiency

Wed, 20 Oct 2021 00:00:00 +0000

Small, highly talented teams beat large, average teams. Every time.

I’d rather have a small team of 10 highly skilled developers, the ninjas, than a team of 100 average developers. Why? Because the 10 will outperform the 100, every time. You might need to pay double, even four times the salary, but it’s still cheaper overall. It’s also easier to manage, easier to interact with and easier to innovate.

Some say the perfect team size is 7, others say 12. I think it’s somewhere between the two, but is mainly down to how many super stars you can find and employ. If you find one more, hire them anyway.

Automating Testing of TLS Connections

Fri, 17 Sep 2021 00:00:00 +0000

Programmatically determining the version of the TLS protocol and cipher suites a server supports was not as easy as I expected it to be. TLS provides the Security layer in HTTPS, and secures the connection between you and the server when visiting websites. Previous versions of TLS are now deprecated and have known vulnerabilities. Checking a server isn’t running these outdated versions is a very important step in checking a website is secure. These are the steps I took to get to a working script.

Building a Better File Sharing Application

Mon, 23 Aug 2021 00:00:00 +0000

As a consultancy, we’re constantly having to share and receive files with potential and actual customers. And as regular people, we also want to easily share files with family, friends, and financial advisors. But we couldn’t find a sharing tool that worked for all of our requirements, so inspired by an open-source project, we built it ourselves. And we hope you might want to use it too.

Cyber Security Tips For SMEs - Video Interview

Tue, 20 Jul 2021 00:00:00 +0000

Our CEO Rob recently recorded two interviews with Rupert Honywood of the Business Growth Bureau, on cyber security tips for Small to Medium Enterprises, and how to protect against phishing.

Smashing the Smishers

Tue, 29 Jun 2021 00:00:00 +0000

Anyone recently received a weird text message with a dodgy link in it from “HMRC”, “Hermes”, “DHL” or even “Royail Mail”? Yeah, us too - it’s smishing, and it’s rampant in the UK. So, what can we do about it? Prompted by an investigation from Which?, we gave detection a go…

What is it?

If you have a phone then you’ve probably seen something like it, but you may not have seen the term smishing, a somewhat ugly portmanteau of SMS and phishing (see also: vishing for voice phishing aka malicious phone calls).

Kubernetes For Digital Transformation - Webinar

Thu, 03 Jun 2021 00:00:00 +0000

At Hexiosec we’ve used containers and Kubernetes to move customer systems into the cloud, and have built our own tools and services to take advantage of a containerised, cloud-native approach. This webinar details why Kubernetes is perfect for such applications. It was recorded by our CTO David Griffiths, along with our cloud partner IONOS.

The webinar covers what we mean by digital transformation, and then provides an overview of the benefits of containers and Kubernetes for digital transformation projects.

The Insecurity Of ISP Routers: Our Work With Which?

Thu, 06 May 2021 00:00:00 +0000

To accompany recent research into the security of common Internet Service Provider (ISP) routers, we lament the current state of security in network devices, both personal and enterprise.

Passwords - How much do they matter?

Fri, 19 Mar 2021 00:00:00 +0000

Prompted by an oldish Microsoft blog about how too many people focus on password complexity, this blog discusses how much passwords matter for security, relative to other protections such as MFA and Password Managers.

Tips & Tricks For Using WSL & Windows Terminal

Wed, 17 Feb 2021 00:00:00 +0000

I’ve been using both the second version of the Windows Subsystem for Linux (WSL2), and the newish Windows Terminal for quite a while, and thought it’d be useful to collate some tips and tricks on them all into a single blog.

A New Cyber Security Mindset for 2021

Wed, 10 Feb 2021 00:00:00 +0000

Looking forward to 2021, I wanted to write an article not about the FireEye breach or SolarWinds Orion supply chain attack (enough of that has been written), but about what we as in the Cyber Security industry can do about it. The change required is an important and fundamental one.

A Look Back at Cyber Security in 2020

Fri, 01 Jan 2021 00:00:00 +0000

Let’s be honest, 2020 will not be remembered fondly by many people. Having celebrated its passing, let’s have a quick look back on the big cyber security events and trends that happened over the year

Hardware Security Modules - A Step Forward in Cyber Security?

Wed, 16 Dec 2020 00:00:00 +0000

A couple of weeks ago this Microsoft announcement about a new hardware security module came out without much fanfare, even though it could represent a big change for the security of new Windows devices. This blog provides some background on the use of dedicated hardware security modules in different platforms, and highlights their relative weaknesses and advantages.

Affordable Kubernetes for Personal Projects

Thu, 10 Dec 2020 00:00:00 +0000

Running a Kubernetes cluster doesn’t have to be expensive. In this article I discuss how I’ve set up a Kubernetes cluster that is affordable for personal projects.

So Macho - A look at Apple executable files

Wed, 02 Dec 2020 00:00:00 +0000

Introduction

Apple code signing has been in the news lately, with the new macOS update having initial problems, as well as adding extra steps for developers building software.

Code signing and application permissions on Apple devices both rely on the Mach-O format, which is used for executable files on both macOS and iOS. This blog provides an overview of the structure of Mach-O binaries, and how they implement code signing and application permissions. We also introduce a new open-source tool we’ve written for parsing interesting information from Mach-O files.

Digital Transformation: Not Just Adopting New Technology

Wed, 18 Nov 2020 00:00:00 +0000

Taking new technologies and overlaying them on today’s practices isn’t enough. Companies must undergo a transformation, a ‘digital transformation’, in order to fully reap the rewards.

The adoption of the dynamo, a disruptive technology of the 19th century seen through the eyes of a victorian engineer, provides an insightful analogy.

British Airways Fined Over 2018 Hack - Was It Enough?

Tue, 20 Oct 2020 00:00:00 +0000

Is £20M an appropriate fine for British Airways from the ICO for the 2018 hack that exposed the personal data of hundreds of thousands of people, including credit card details?

Blogs on Hexiosec

New ASM Features and Improvements | February 2026

Introduction

Web Presence report

The Compliance Roadmap: End-to-End Encrypted File Transfer for UK Higher Education

Introduction

6 Steps to Compliance

How Secure File Transfer Solutions Support the Road to Compliance

How End-to-End Encrypted Data Transfer Can Help UK Higher Education Navigate Data Regulations

Introduction

Securing the Academic Perimeter: Attack Surface Management in UK Higher Education

The Higher Education Security Challenge

The Evolving Attack Surface in UK Higher Education

Introduction

New ASM Features and Improvements | January 2026

Introduction

Parsing email files in Go

Inspecting Suspicious Emails

How to control Microsoft 365's AI features

Introduction

Privacy Checks for Email Configuration in Hexiosec ASM | January 2026

Introduction

Driving Cyber Security Forward: Hexiosec’s 2025 Highlights and What’s Next

Advancing cyber security through shared innovation

New ASM Features and Improvements | November 2025

Introduction

Improving Email Security Even Further with MTA-STS

Overview

Coming Soon - Introducing Three New Ways to Share Data Securely with Hexiosec Transfer

Turning Cyber Risk Into An Easy Boardroom Conversation Using NCSC’s CAF 4.0 and Hexiosec ASM

Introduction: The critical role of the Cyber Assessment Framework (CAF)

As the NCSC Retires Web Check and Mail Check, Hexiosec Has Your Back

The NCSC’s Web Check & Mail Check Are Retiring - Are You Ready?

Cyber Security Work Experience: Exploring AI in ASM at Hexiosec

A week in Cyber Security

Minimising the Blast Radius - Why Secure File Sharing Is Critical

Minimising the Blast Radius: Why Secure File Sharing Is Critical

Cyber Security for Small to Medium Enterprises

New ASM Features and Improvements | October 2025

Introduction

Understanding True End‑to‑End Encryption: Why It Matters and How Hexiosec Transfer Does It Right

New ASM Features and Improvements | September 2025

Introduction

Exporting services as a CSV

What Is Attack Surface Management?

Managing an External Attack Surface

New ASM Features and Improvements | August 2025

Introduction

Cutting through the noise: Prioritising Vulnerabilities with EPSS

Introduction

After The MoD Afghan Breach - From Breach to Best Practice Across Government

The MoD breach: A systemic challenge

Content Security Policy Implementation Guide - Boarding Pass Required

Content Security Policy (CSP) Implementation guide: Protecting web applications from XSS attacks

New ASM Features and Improvements | July 2025

Introduction

No Summer Holidays for Cyber Responders? Why Attackers Love the Summer, and Why the UK Education Sector Should Care

The problem with Summer Holidays

How We Tested Mobile App Privacy — and What We Found for Which?

New ICO Guidance Raises App Privacy Questions

New ASM Features and Improvements | June 2025

Introduction

The Hidden Gem: How Flexible Working Kept Me in Tech

Spoiler alert: I stuck around

🦄 Being the Unicorn: Reflections for Women in Engineering Day

On Being a Unicorn

New ASM Features and Improvements | May 2025

Introduction

TLS certificate validity period

Phishing with Malicious SVG Files

The threat of SVG files

New ASM Features and Improvements | April 2025

Introduction

Navigating risk changes

Hexiosec Now on Jisc's Chest Platform

Hexiosec products now available on Jisc’s Chest platform

Transfer Feature | Secure Multi-Use File Sharing Requests

Introduction

New ASM Features and Improvements | March 2025

Introduction