September at Stripe OLT

Welcome to your monthly round-up from Venture with Stripe OLT 📰

September was a busy month to say the least, with unpredictable weather (even by UK standards), exciting new insights from Microsoft and CVE’s caught left, right and centre by our penetration tester, Toby Davenport .

For a full run down on everything you need to know, read on…

To kick us off, here’s the first CVE Toby discovered last month: CVE-2023-40017 🪲

During his examination of an open-source web application, Toby came across a significant vulnerability that exposed it to Server Side Request Forgery (SSRF) attacks. In this expert intel, he guides us through the concept of CVEs, his process for uncovering this critical vulnerability, and, most importantly, offers guidance on how organisations can efficiently mitigate the risks associated with this vulnerability.

Read about Toby's CVE discovery here.

And here is the second CVE Toby discovered: CVE-2023-42439

Toby unearthed this CVE by scrutinizing the security measures that were put in place to address the vulnerability he had previously identified. His investigation revolved around identifying potential gaps in the protective measures introduced by security teams. Toby's goal was to replicate the SSRF opportunity he had identified in the earlier CVE, shedding light on any overlooked security aspects.

Read about Toby's second CVE discovery here.

Microsoft’s Anatomy of a modern attack surface: A breakdown

Introducing our latest insight, which dissects the Microsoft's report, "The Anatomy of the Modern Attack Surface." This in-depth exploration is filled with eye-opening statistics on the six primary attack vectors, along with exclusive insights from our resident expert and Head of Offensive Security, Tom Ellson . Dive into our comprehensive breakdown of the report to gain a clearer understanding of how to detect and fortify your vulnerabilities, ensuring you stay ahead of malicious actors.

Discover the full report here.

Benefits of Penetration Testing in a Microsoft Environment ⚡

Check out our recent insight to discover the advantages of conducting penetration tests in a Microsoft environment, along with the risks that come with overlooking these critical assessments. In this insight, we dive into Microsoft’s complex and dynamic environment, the ways you can ensure it’s fully secured and the vital considerations that must be taken into account when conducting a penetration test.

Find our recent insight here.

BTS at Stripe OLT

Stripe OLT named Best Managed IT provider company of the year - UK by SME News 🏆

We are delighted to share that Stripe OLT has been named Best Managed IT provider company of the year - UK by SME News. We couldn’t be prouder of the team for the dedication, hard work and top-quality work they produce day in and day out. Receiving further recognition for their efforts is a testament to the high standards they have set. Massive well done everyone, you should be very proud of yourselves.

Check out our winners page here.

Mia places 2nd at PCA First Timers competition

Now, it’s time to shout-out another big achievement from the Stripe OLT team, Mia C. recently competed in her first PCA first timers competition and secured 2nd place. Some of the team travelled to watch Mia compete and cheer her on from the audience. With 2nd place secured, Mia was invited to compete in the PCA British Championships as well.

Well done this great achievement Mia 👏

Cyber Security Consultant 📣

Our offensive cyber security division is growing and we are looking for a new Cyber Security Consultant to join our award-winning team. Some of the responsibilities of this role include: performing offensive security engagements for Stripe OLT’s clients, carrying out tasks such as scoping, reporting, project design and delivering client workshops and working with the existing offensive security team to continuously innovate and improve operations within the team.

To learn more about this role and apply directly, Click here.

🚀 Access All Areas to even more content

The updates keep coming... 📨

Our cyber security newsletter, Access Granted, isn't just any newsletter; it's crafted by cyber experts, for cyber experts. The next edition is set to land in our subscribers' inboxes soon, and you won't want to miss it!

Sign up today and receive monthly reports from our team of specialists, stay updated on recent cyber news that might have slipped by, and get a sneak peek behind the scenes at Stripe OLT's security endeavours.

👉 Subscribe here to Stripe up your inbox.