Blog

Microsoft Application Guard helps protect against malware in Office documents by opening each document in its own segregated virtual machine. Microsoft says in the release notes: Application Guard is a virtualization-based sandbox that’s used to isolate untrusted documents you may encounter. It brings the same technology that powers Azure to your desktop. Untrusted documents areRead more

The number of ransomware attacks using RDP as the attack vector has increased sharply during the COVID lockdown. As the number of staff working remotely exploded during the COVID lockdown, criminals were quick to respond by targeting Remote Desktop Protocol services with ransomware.  For example, Group-IB recently reported that the Dharma ransomware-as-a-service was being usedRead more

HTML smuggling is a technique for bypassing perimeter security devices by generating malicious HTML behind the firewall – within the browser on the target endpoint. HTML Smuggling techniques sidestep traditional network security solutions such as email scanners, proxies and sandboxes by using the features of HTML5 and Javascript.  This is done by generating the malicious HTMLRead more

Achilles is the name of a set of 400 security vulnerabilities found in the Qualcomm chips that power a billion Android devices – many of which may never get fixed. Discovered by researchers at CheckPoint, the vulnerabilities all relate the DSP chip which is part of the Snapdragon processor that powers the phones and tablets. Read more

Microsoft’s August patch-Tuesday bundle fixes 120 vulnerabilities including two under active exploitation- one of them over two years old. Weighing in at 120 fixes, the August 2020 Patch Tuesday is the third largest ever released by Microsoft.  Of particular interest are 17 critical updates and two zero-day exploits which are being actively attacked. IE 11Read more

A new report from McAfee details the growth of the Netwalker ransomware code into a stable ransomware-as-a-service product that has generated more than $25million dollars in the last 5 months. Recent high-profile attacks against organisations such as Travelex, Garmin and Canon serve as a reminder of the very real threat posed by ransomware which canRead more

TeamViewer Gmbh have released a patch for their Windows Desktop client to fix a credential leaking vulnerability which could allow a malicious webpage to obtain the hashed NTLM credentials of the active Windows user account. A simple flaw (CVE-2020-13699) in the way the TeamViewer desktop client handles custom URI handlers means a malicious webpage canRead more

Network segmentation is a powerful and essential tool in the security manager’s arsenal that improves the security of computer networks and makes them easier to manage.  Network segmentation provides protection against attackers who manage to breach the perimeter defences by limiting their ability to move laterally within the network. It can also protect key systemsRead more

The UK National Cyber Security Centre and CISA in the USA have issued a joint alert detailing the risk posed by the Qsnatch/Derek malware which attacks QNAP NAS devices. The National Cyber Security Centre states in the alert: All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest securityRead more

Boothole is a pervasive vulnerability that affects the GRUB2 boot loader that is used by most versions of Linux.  By exploiting this vulnerability, attackers can run arbitrary code on almost any PC or Server and install RootKits or similar Malware that will persist reboots and be very difficult to detect. BootHole was first reported byRead more