Sanction, Inc.

About Sanction, Inc.

Sanction, Inc. is a small, specialized information security consultancy dedicated to safeguarding your digital assets. Founded on the principles of expertise, integrity, and proactive defense, we partner with businesses of all sizes to build robust security postures.

Our team comprises seasoned professionals with deep knowledge across various domains of cybersecurity. We pride ourselves on delivering tailored, effective, and compliant security solutions that align with your unique business objectives and operational needs.

Our Services

Security Architecture

Designing and implementing resilient security frameworks from the ground up, ensuring your infrastructure is built with security as a core foundation. We focus on scalable and future-proof architectural solutions.

Regulatory Compliance

Navigating the complex landscape of cybersecurity regulations (e.g., GDPR, HIPAA, PCI DSS). We help you achieve and maintain compliance, reducing risk and avoiding penalties.

AI Information Security

Addressing the unique security challenges presented by Artificial Intelligence and Machine Learning systems. We secure your AI models, data, and deployment pipelines against emerging threats.

Cloud Security

Securing your cloud environments (AWS, Azure, GCP, etc.) through expert configuration, monitoring, and policy enforcement. We ensure your cloud infrastructure is protected and compliant.

Latest Information Security Articles

Ancient Excel bug comes out of retirement for active attacks

Vuln old enough to drive lands on CISA's exploited list

While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an alert about a 17-year-old critical Excel flaw now under exploit.…

Raspberry Pi OS ends open-door policy for sudo

Command prefix will require password by default

The latest version of Raspberry Pi OS now requires a password for sudo by default.…

UK told its Big Tech habit is now a national security risk

Open Rights Group says years of reliance on US giants have left Britain exposed

Britain has spent years wiring its public sector into US Big Tech, and a new report says that dependence could quickly become a national security headache.…

Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users

Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive

Exclusive: Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal API keys and access tokens, and the vendors who run agents didn’t disclose the problem.…

Commvault has a Ctrl+Z for rogue AI agents

The company's new software keeps an eye on your agents and backs up data. Keep your agents close and your agent-monitoring software closer. Commvault’s new AI Protect can discover and monitor AI agents running inside AWS, Azure, and GCP environments and even roll back their actions when something goes wrong.…

Microsoft's massive Patch Tuesday: It's raining bugs

One CVE under attack, one already disclosed by angry bug hunter, and 163 more

Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of April's mega Patch Tuesday.…

No honor among thieves as 0APT threatens rival ransomware gang Krybit

Honey, the skids are fighting again

Two rival ransomware gangs have locked horns after 0APT threatened to expose people affiliated with Krybit.…

Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum

One was patched almost 14 years ago

Crooks are exploiting four Microsoft vulnerabilities - one patched 14 years ago and another tied to ransomware activity - according to America's lead cyber-defense agency, which on Monday gave federal agencies two weeks to patch them.…

Fake Linux leader using Slack to con devs into giving up their secrets

Google Sites lure leads to bogus root certificate

Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used pages hosted on Google.com to steal developers' credentials and take over their systems.…

Booking.com warns reservation data may have checked out with intruders

Travel giant says names, contact details, dates, and hotel messages potentially exposed

Booking.com is warning customers that their reservation details may have been exposed to unknown attackers, in the latest reminder that the travel giant still can't quite keep a lid on the data flowing through its platform.…

Gym giant Basic-Fit confirms data on a million members stolen in cyberattack

Names, addresses, dates of birth, and bank details accessed, though not passwords

Basic-Fit, Europe's largest gym chain, has confirmed data including the bank details of around a million customers was stolen from its systems.…

Rockstar Games gets a taste of grand theft data

ShinyHunters claims it accessed Snowflake metrics via third-party tool

ShinyHunters is back, this time pinning Rockstar Games to its leak site and claiming it didn't so much hack its way in as walk through a door someone else left wide open.…

NHS pays £46K to prep next Microsoft licensing round

Benchmarking contract lays groundwork for renegotiating £774M software agreement

NHS England is spending £46,000 on "benchmarking" as it gears up for what looks like the next round of negotiations behind one of the UK public sector's biggest software deals.…

China wants AI to prepare school lessons and mark homework

PLUS: Toyota wheels out basketball bot; Arm scores AI server win with SK Telecom; India ponders payment pauses to foil fraudsters; And more!

Asia In Brief: China’s National Data Administration last Friday published its action plan for AI in education which calls for upskilling of the nation’s citizens to ensure they can put the technology to work.…

Anthropic's mysterious Mythos AI threatens to upend the infosec world

Or it's a bunch of pre-IPO hype. Either way, we're giving it the once-over on this week's episode

Kettle: Anthropic dropped a doozy on us this week with the launch of Mythos, an AI model it says is able to find and exploit zero-day vulnerabilities with a shocking level of ability. …

Contact Us

Ready to strengthen your organization's security? Contact Sanction, Inc. today for a consultation.

Email: info@sanction.net