About Sanction, Inc.
Sanction, Inc. is a small, specialized information security consultancy dedicated to safeguarding your digital assets. Founded on the principles of expertise, integrity, and proactive defense, we partner with businesses of all sizes to build robust security postures.
Our team comprises seasoned professionals with deep knowledge across various domains of cybersecurity. We pride ourselves on delivering tailored, effective, and compliant security solutions that align with your unique business objectives and operational needs.
Our Services
Security Architecture
Designing and implementing resilient security frameworks from the ground up, ensuring your infrastructure is built with security as a core foundation. We focus on scalable and future-proof architectural solutions.
Regulatory Compliance
Navigating the complex landscape of cybersecurity regulations (e.g., GDPR, HIPAA, PCI DSS). We help you achieve and maintain compliance, reducing risk and avoiding penalties.
AI Information Security
Addressing the unique security challenges presented by Artificial Intelligence and Machine Learning systems. We secure your AI models, data, and deployment pipelines against emerging threats.
Cloud Security
Securing your cloud environments (AWS, Azure, GCP, etc.) through expert configuration, monitoring, and policy enforcement. We ensure your cloud infrastructure is protected and compliant.
Latest Information Security Articles
CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack
Bug hiding in plain sight for over a decade lands on KEV list CISA is sounding the alarm on a newly-exploited Apache ActiveMQ bug, ordering federal agencies to patch within two weeks as attackers circle a flaw that's been quietly lurking for more than a decade.…
Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker
Or, how public information and a €5 tracker exposed an avoidable opsec lapse Militaries around the world spend countless hours training, developing policies, and implementing best operational security practices, so imagine the size of the egg on the face of the Dutch navy when journalists managed to track one of its warships for less than the cost of some hagelslag and a coffee.…
Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug
University student says he plans to move to Android, but concedes iOS engineers acting fast Apple is finally working on a fix for a bug that has locked some users out of their iPhones for months, The Register understands.…
Claude Opus wrote a Chrome exploit for $2,283
Pause your Mythos panic because mainstream models anyone can use already pick holes in popular software Anthropic withheld its Mythos bug-finding model from public release due to concerns that it would enable attackers to find and exploit vulnerabilities before anyone could react.…
Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say
Bug or feature? A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into Anthropic's official Model Context Protocol (MCP) puts as many as 200,000 servers at risk of complete takeover, according to security researchers.…
North Korea targets macOS users in latest heist
Social engineering: 'low-cost, hard to patch, and scales well' North Korean criminals set on stealing Apple users' credentials and cryptocurrency are using a combination of social engineering and a fake Zoom software update to trick people into manually running malware on their own computers, according to Microsoft.…
Americans who masterminded Nork IT worker fraud sentenced to 200 months behind bars
Fortune 500 companies and one US defense contractor got taken for $5m in four-year scam Two Americans have been jailed for a combined 200 months for helping North Korea generate $5 million through fraudulent IT worker schemes.…
Git identity spoof fools Claude into giving bad code the nod
Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer Security boffins say Anthropic's Claude can be tricked into approving malicious code with just two Git commands by spoofing a trusted developer's identity.…
Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed
Publisher claims misconfigured Salesforce-hosted page leaked data Textbook giant McGraw Hill has landed on a ransomware crew's leak site after an alleged Salesforce-linked misconfiguration spilled 13.5 million records into the wild.…
Microsoft announces product it doesn't want anyone to buy
Just migrate already, would you? But if you can't, Redmond will take your cash Microsoft will keep delivering security updates for old versions of Exchange Server and Skype for Business Server, after admitting that some customers aren't ready to make the move to newer products.…
Server-room lock was nothing but a crock
Your cybersecurity is only as good as the physical security of the servers PWNED Welcome back to Pwned, the column where we immortalize the worst vulns that organizations opened up for themselves. If you’re the kind of person who leaves your car doors unlocked with a pile of cash in the center console, this week’s story is for you.…
Google Chrome lacks protection against one of the most basic and common ways to track users online
Browser fingerprinting is everywhere Google markets its Chrome browser by citing its superior safety features, but according to privacy consultant Alexander Hanff, Chrome does not protect against browser fingerprinting – a method of tracking people online by capturing technical details about their browser.…
Nobody knows how many CVEs Anthropic's Project Glasswing has actually found
Like the majority of the companies participating, it remains a mystery Last week, Anthropic surprised the world by declaring that its latest model, Mythos, is so good at finding vulns that it would create chaos if released. Now, under the title of Project Glasswing, over 50 selected companies and orgs are allowed to test the hyped up LLM to find security holes in their own products. But just how many problems have they really discovered?…
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
No reports of active exploitation (yet) Watch out for more Fortinet vulns! Two critical bugs in Fortinet's sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems.…
Automotive data biz Autovista blames ransomware for service disruption
Some customer orgs tell staff to block inbound email from the provider Autovista confirms that it called in outside support to help clean up a ransomware infection currently affecting systems in Europe and Australia.…
Contact Us
Ready to strengthen your organization's security? Contact Sanction, Inc. today for a consultation.
Email: info@sanction.net