#NSBCS.084 - The way we thought it would be
Source: NSB Cyber
The way we thought it would be
Shane (Co-founder of NSB) sent me a message yesterday, a photo of his laptop on a table at a café, next to a long black after a perfect-looking breakfast. The caption? “The way we thought it would be.”
It made me smile. Because in some ways, that photo sums up the early dream of starting your own business. Flexibility, creativity, purpose. The reality, of course, has been a little more complex: late nights, balancing growth, and the thousand decisions that come with building something from the ground up.
But that photo wasn’t completely wrong.
What we have found, and what’s been more rewarding than we imagined, is the opportunity to make a real contribution to the cyber industry. Not just by protecting organisations from harm, that’s our why and a ticket to the game frankly, but by helping grow the next generation of people who will carry that mission forward.
We’ve given people their first job in cyber. We’ve helped others step into their next role when they weren’t sure how. We’ve taken on grads and watched them become consultants. We’ve backed people with potential, sometimes before they believed it themselves. And we’ve created a workplace where culture, support, and high performance aren’t just words in a slide deck; they’re the foundation. We talk about Client, Quality and Culture, and our people are laser-focused on that.
This is the part that doesn’t get enough airtime. In an industry known for its pressure and pace, it’s easy to focus on the risks, the incidents, the burnouts. But behind all that is an opportunity (maybe even a responsibility) to make it better.
To build environments where people are valued, supported, and challenged.
To give newcomers a real path into the industry.
To model that great cyber talent doesn’t always look the same, or come from the same background.
To lead with trust and purpose, not ego or fear.
To value outcomes, not presenteeism.
So, while the café and laptop vision might not be our everyday reality, the idea behind it, a healthier, more meaningful way of working, is very much alive.
We’re proud of what we’ve built so far. But more than that, we’re proud of who we’ve brought with us, and where they’re headed next. To our amazing team at NSB reading this, keep smashing it, and to our clients, thank you for giving us the platform to add in our small way to an incredibly important industry.
No Steps Backward.
What we read this week
Chinese Hackers Exploit Microsoft SharePoint Vulnerabilities in Ongoing Attacks - Cybersecurity experts have linked the active exploitation of multiple vulnerabilities in on-premises Microsoft SharePoint servers to Chinese nation-state actors, including Linen Typhoon and Violet Typhoon, with attacks beginning as early as July 7, 2025. These flaws, tracked as CVE-2025-49704 and CVE-2025-49706 (collectively known as ToolShell), allow unauthenticated remote code execution, enabling attackers to deploy web shells, steal cryptographic keys, and maintain persistent access even after patching. The U.S. Cybersecurity and Infrastructure Security Agency has added these vulnerabilities to its Known Exploited Vulnerabilities catalogue, requiring federal agencies to apply mitigations by July 23, 2025. Organisations are advised to enable Antimalware Scan Interface integration, deploy Microsoft Defender Antivirus, rotate ASP.NET machine keys, and monitor for indicators of compromise to prevent data exfiltration and further network intrusion.
CISA Adds SysAid Vulnerabilities to Known Exploited Catalogue Amid Active Exploitation - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included two critical vulnerabilities in SysAid IT support software, CVE-2025-2775 and CVE-2025-2776, in its Known Exploited Vulnerabilities (KEV) catalogue due to ongoing attacks enabling administrator account takeover and remote file access. Both are XML external entity (XXE) flaws (improper restriction of XML external entity reference) with CVSS scores of 9.3, and they can be chained with other vulnerabilities for server-side request forgery and potential remote code execution. Federal agencies must remediate by August 12, 2025, and all organisations are urged to upgrade to SysAid on-premise version 24.4.60 or later, review access logs for suspicious activity, and implement strict input validation to mitigate risks of unauthorised access and data breaches.
Cisco Confirms Active Exploitation of Identity Services Engine Vulnerabilities - Cisco has acknowledged ongoing attacks targeting critical vulnerabilities in its Identity Services Engine and Passive Identity Connector appliances, allowing unauthenticated remote attackers to execute arbitrary code with root privileges. The flaws, CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, all rated CVSS 10.0, stem from insufficient input validation and file handling, potentially leading to full system compromise and lateral movement within networks. Administrators should immediately apply patches to affected versions (3.3 Patch 7 and 3.4 Patch 2), conduct threat hunting for indicators of compromise, and restrict external access to ISE management interfaces to prevent unauthorised root access and data exfiltration.
Coyote Banking Trojan Variant Abuses Windows UI Automation for Credential Theft - A new variant of the Coyote banking trojan has been observed exploiting Microsoft's UI Automation framework to identify and steal credentials from 75 Brazilian banking and cryptocurrency websites, marking the first real-world abuse of this accessibility feature for malicious purposes. The malware uses traditional techniques like keylogging alongside UI Automation to parse browser elements for targeted URLs, enabling offline operation and evasion of endpoint detection tools. Users and organisations should monitor for suspicious UI Automation activity, block known command-and-control domains, avoid untrusted installers, and deploy behavioural analytics to detect anomalous interactions with financial applications and prevent financial fraud.
References
Chinese Hackers Exploit SharePoint: https://thehackernews.com/2025/07/cisa-orders-urgent-patching-after.html
SysAid Vulnerabilities: https://thehackernews.com/2025/07/cisa-warns-sysaid-flaws-under-active.html
Cisco ISE Exploitation: https://thehackernews.com/2025/07/cisco-confirms-active-exploits.html
Coyote Trojan Variant: https://thehackernews.com/2025/07/new-coyote-malware-variant-exploits.html