

TIBER-EU (Threat Intelligence-Based Ethical Red Teaming) is a European-wide initiative designed to enhance cyber defences through collaborative testing. It offers detailed guidelines for authorities, organisations, threat intelligence providers, and red team testers to work together effectively. By conducting controlled cyberattacks, TIBER-EU helps identify vulnerabilities and strengthen an entity’s cyber resilience in a safe and structured manner.




Who is TIBER-EU for?


 It was developed to strengthen the cyber resilience of organisations that deliver critical services, especially within the financial sector. This includes those with cross-border operations that fall under the supervision of multiple regulatory bodies, as well as national and supranational authorities.

While originally intended for financial infrastructure providers, TIBER-EU is flexible enough to be applied across other vital sectors, making it a valuable tool for a broad range of critical entities.


The framework sets out a core set of mandatory requirements, along with optional elements that can be tailored to reflect the specific needs of different jurisdictions. By harmonising how threat-led red teaming is conducted across Europe, TIBER-EU helps simplify compliance and promotes mutual recognition between authorities while reducing administrative burden and increasing efficiency.


Importantly, the TIBER-EU framework can support both regulators and financial entities in complying with the requirements of the Digital Operational Resilience Act (DORA). For organisations preparing for DORA’s implementation, adopting TIBER-EU offers a structured and recognised approach to threat-led penetration testing.


How does it work?


TIBER-EU simulations closely replicate the tactics, techniques, and procedures used by actual cyber attackers, relying on tailored threat intelligence. These tests are customised to mimic attacks on the critical functions of an organisation, including its people, processes, and technology infrastructure. Importantly, the goal isn’t to pass or fail but to uncover the strengths and weaknesses of an organisation’s cyber defences. By focusing on the learning opportunities these simulations provide, TIBER-EU helps organisations improve their resilience and move toward a higher level of cyber maturity.


Come and talk to us about our services to support TIBER-EU.


 
 
 
  • natasha5042
  • May 21
  • 1 min read

AI technology is rapidly reshaping web applications, from customer support bots to intelligent fraud prevention systems. However, with this growth comes new and often overlooked security risks. Many businesses are integrating AI without fully addressing the unique vulnerabilities it introduces.




Common AI Weaknesses


☠️ Model Poisoning – Malicious users can manipulate machine learning models by feeding them crafted or misleading data, leading to faulty outputs.


👀 Information Exposure – Insecure AI responses may unintentionally reveal sensitive data or system information.


💥 Prompt Injection Attacks – AI systems based on Large Language Models (LLMs) are susceptible to specially designed prompts that manipulate system behaviour.


🔓 Insecure APIs – AI features are often exposed through APIs, making them prime targets for abuse, data exfiltration, and denial of service attacks.


💡 Bias and Trust Flaws – Models trained on skewed or incomplete data can make inaccurate or unsafe decisions, sometimes in ways that aren’t immediately obvious.


Key Takeaway


AI adds valuable capabilities to web applications but also expands the attack surface. Organisations must proactively identify and secure AI-specific vulnerabilities as part of their broader cybersecurity programme.


Interested in learning more about AI security? Visit www.fortiscyber.co.uk or contact us at enquiries@fortiscyber.co.uk.

 
 
 
  • natasha5042
  • Feb 24
  • 2 min read


Credit: Canva

External penetration tests are a critical component, and often one of the first steps, of an organisation's defence strategy. These engagements typically focus on the infrastructure that an organisation controls or hosts. However, this leaves a blind spot in the security posture: services hosted by third parties, such as Microsoft's M365, which grant users access to company resources like SharePoint and Outlook.

 

Background 

For over 10 years, many Microsoft products (including the M365 login function) have contained enumeration flaws which allow malicious actors to determine if an account is valid. The first step to any password attack against an organisation's userbase is to compile a list of targets, and tooling exists to automate this process. Microsoft has not indicated that they are going to address these user enumeration flaws.  

Tooling also exists to automate the process of systematically attempting to log into each account in that list of targets. 

 

The Budget Problem 

This kind of threat is typically only tested during a simulated attack against the organisation (such as during a red team engagement), but these projects are covert, comprehensive, and usually last for weeks or months. A cost-effective way to address this initial access threat is to carry out a targeted credential attack against your organisation's M365 user accounts. A straightforward engagement will confirm whether any leaked credentials are still valid and whether any users have a weak password, and it can usually be carried out in one or two days.

 

The Password Problem 

Would you consider the following password policy strong? 

  • at least 10 characters in length 

  • upper case character 

  • lower case character 

  • a digit 

  • and a special character 

Well, "Password1!" meets these guidelines, and a password like it is occasionally what makes an initial compromise possible. You may think you are fine because you use multifactor authentication; however, there are several methods to defeat these controls. It's worth noting that users with weak passwords may be less security conscious in general and more likely to fall victim to a phishing attack designed to capture sensitive information such as an MFA token. A user may also use the same password on another service that does not enforce MFA. We have also found that some organisations have special shared accounts where MFA is not enforced for quality-of-life purposes.
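To make the point about the policy concrete, here is an added example (not part of the original post): it applies the five listed rules, then a second screening step that strips leading and trailing digits and symbols and undoes common character substitutions to see whether the password is built on a common word. The word list, substitution map and function names are constructed for illustration.

```python
import re

# The five composition rules exactly as listed in the post.
def meets_composition_policy(pw: str) -> bool:
    return (len(pw) >= 10
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

# Constructed sample list; in practice load a breached-password corpus plus
# organisation-specific terms (company name, products, office locations).
COMMON_BASES = ("password", "welcome", "letmein", "qwerty", "summer", "winter")

# Common character substitutions (constructed map, not exhaustive).
LEET = str.maketrans("@4301!$5", "aaeoiiss")

def predictable_base(pw: str):
    """Return the common word the password is built on, or None."""
    # Drop leading/trailing digit and symbol runs such as "1!" or "2024!".
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw.lower())
    # Undo substitutions, then keep letters only.
    core = re.sub(r"[^a-z]", "", core.translate(LEET))
    return next((w for w in COMMON_BASES if w in core), None)

def evaluate(pw: str) -> str:
    if not meets_composition_policy(pw):
        return "reject: fails composition policy"
    base = predictable_base(pw)
    if base:
        return f"reject: built on common word '{base}'"
    return "accept"

if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("Password1!", "P@ssw0rd2024!", "Summer25",
                      "correct-Horse-7-battery"):
        print(f"{candidate!r:28} {evaluate(candidate)}")
```

The composition check alone accepts the first two samples; only the second step rejects them, which is the gap the post describes.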

 

Contact Us 

If you want peace of mind regarding this attack vector, contact us and we can tailor the engagement to your organisation's needs. We can perform a simulated credential attack and many other kinds of review to secure this gap. www.fortiscyber.co.uk 

 
 
 