Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Quality Policy
    • Security Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us

Blog

Home 2019 April

Cybercriminals shift focus from consumers to businesses

By Mark Faithfull | News, Vulnerabilities | 26 April, 2019 | 0

Compared to Q1 2018, malware detections in businesses has increased 235% while dropping 24% for consumers. Anti-virus and security firm Malwarebytes reports in their latest Cybercrime Tactics and Techniques report that cybercriminals are following the money and shifting their focus from consumers to businesses that have more valuable assets and possibly the financial resources toRead more

Office365 credential stealing tactics

By Mark Faithfull | News, Tools | 26 April, 2019 | 1

Organisations using Office365 are being targeted with an ingenious credential stealing campaign which uses Azure hosting to add legitimacy. First reported by Edgewave, this approach uses fake Office365 login pages which are hosted on Azure.  By using Azure Blob Storage to host the html pages, the URL for the malicious webpage is delivered from theRead more

Why Pen-Testing Matters

By Mark Faithfull | Articles, Web Applications | 18 April, 2019 | 0

What is pen-testing and how does it keep your business secure? Penetration testing defined Penetration testing is a form of ethical hacking, where organisations ask a trusted expert to try to penetrate (access) their network and systems.  A penetration test plays a crucial role in identifying vulnerabilities on your critical infrastructure – systems, networks, andRead more

MS Office now most targeted malware vector

By Mark Faithfull | News, Vulnerabilities | 17 April, 2019 | 0

Kaspersky has recently published information on what their security products are observing in their clients systems – and the dramatic rise of MS Office as a malware target. In 2016 MS Office was the target of 16% of attacks, behind Android at 19% and web browsers who were the dominant target with 45% of allRead more

Atlassian issues critical security advisory for Confluence

By Mark Faithfull | News, Vulnerabilities | 17 April, 2019 | 0

Many modern software factories adopting Agile development methodologies also take on the tools of Atlassian such as Jira to managed their feature backlog and Confluence for documentation.  A critical path traversal vulnerability has been discovered in the on-premises version of Confluence Server and Data Centre which will allow a remote user who has permission toRead more

cloud storage

Does your organisations data lurk in the shadows?

By Mark Faithfull | Articles, Information Assurance | 14 April, 2019 | 0

“Shadow IT” (also known as “Stealth IT”, “Client IT” or “What have those eejits in marketing done now?”) is the term used to describe IT systems which are developed and owned by business teams outside of the control or jurisdiction of an organisation’s IT department.  Usually initiated with pure intentions, these systems can pose aRead more

winrar file vulnerability

500 million Windows users at risk from WinRAR

By Mark Faithfull | News, Vulnerabilities | 12 April, 2019 | 0

A recently disclosed absolute path traversal bug in the WinRAR utility is being actively leveraged in at least 100 unique exploits according to security firm McAfee. WinRAR is a file archiver/unarchiver for the Windows platform, popular in part as it is distributed as trialware which has led to over 500 million users installing it. TheRead more

windows code signing

Microsoft improve code-signing on security updates with SHA-2

By Mark Faithfull | News | 11 April, 2019 | 0

Microsoft is changing the way it digitally signs updates to Windows to improve protection against supply chain attacks – ensuring only valid original patches from Microsoft are installed through the Windows update utility. Currently, Windows patches are digitally-signed using both the SHA-1 and SHA-2 algorithms; however, because of known vulnerabilities in the SHA-1 hashing algorithm,Read more

website testing

What are Formjacking attacks ?

By Mark Faithfull | Articles, Web Applications | 9 April, 2019 | 0

Formjacking is a type of cyber attack that can be used by an attacker to steal sensitive information that is entered by website users through forms.  Most usually this type of attack targets ecommerce sites to obtain payment card details and personal information that are entered by customers; however, Formjacking attacks can target any website whichRead more

apple virus

Novel application package allows Windows malware to target MacOS and Linux

By Mark Faithfull | News, Vulnerabilities | 6 April, 2019 | 0

In the eternal arms race between malware creators and security vendors, a novel new tactic has emerged.  Trend Micro has recently reported that Windows executables (.EXE files) are being created that target non-windows platforms such as MacOS.  Because .EXE files are not supported as an executable on MacOS the built in Gatekeeper protection layer inRead more

Recent Posts

  • WinRAR Remote Code Execution Flaw Patched
  • Stack-Based Buffer Overflows in Ivanti Avalanche
  • Microsoft Teams Used in Social Engineering Attacks
  • LinkedIn Accounts Hijacked By Cyber Criminals
  • Malware Attacks Target Zyxel End-Of-Life Routers

Recent Comments

    Archives

    • August 2023
    • July 2023
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • October 2022
    • September 2022
    • August 2022
    • July 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • April 2020
    • March 2020
    • February 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • July 2018
    • June 2018
    • April 2018
    • January 2018
    • October 2017
    information. secured.
    • Home
    • Our Services
      • Infrastructure Testing
        • Internal Network Penetration Test
        • External Network Penetration Test
        • Wireless Network Penetration Test
        • Vulnerability Assessment
        • Network Segregation Test
        • Voice over IP (VoIP) Penetration Test
      • Application Testing
        • Web Application Penetration Test
        • Mobile Application Penetration Test
        • Desktop Application Security Assessment
        • Citrix Breakout Test
      • Configuration Review
        • Windows Server Build Review
        • Linux Server Build Review
        • Citrix Configuration Review
      • Information Assurance
        • ISO 27001 Gap Analysis
      • Cyber Essentials
    • News
    • Articles
    • About
      • About SecureTeam
      • STORM Appliances
        • Installing a STORM Device
        • Returning a STORM Device
      • White-Label Consultancy
      • Jobs
      • Cookie Policy
      • Quality Policy
      • Security Policy
      • Privacy Notice
      • Website Terms & Conditions
    • Contact Us
    SecureTeam