SecureTeam

NatWest offers free security software to customers

NatWest Bank has partnered with Malwarebytes to provide endpoint protection software to NatWest customers. Malwarebytes Premium edition will be available to download for free from within NatWest customer’s online banking portal. NatWest is the only UK bank to provide premium virus protection to their customers according to Alasdair MacFarlane, Head of Fraud Prevention at NatWest. […]

NatWest offers free security software to customers Read More »

HP warns of Device Manager vulnerabilities

News, Vulnerabilities / Ian Reynolds

HP has issued an alert warning of vulnerabilities in its HP Device Manager software which could allow an attacker to gain complete control over the server. With a CVSS score of 9.9 this vulnerability deserves prompt attention from Sys Admins responsible for HP servers. The HP alert describes three different vulnerabilities that together mean the

HP warns of Device Manager vulnerabilities Read More »

Ransomware claims drop dramatically after mandatory scans

News / Ian Reynolds

An innovative American insurance company, Corvus, has reported a drop of 65% in ransomware claims after they started insisting on vulnerability scans of the client’s network before providing cyber-insurance. Lauren Winchester of Corvus states in a recent blog post: Our automated scan locates threats like unprotected RDP upon quoting for new business and we notify

Ransomware claims drop dramatically after mandatory scans Read More »

Critical Domain Controller Flaw Requires Urgent Patching

News, Vulnerabilities / Ian Reynolds

A critical vulnerability in Microsoft Netlogon was patched in the August patch cycle – but was so dangerous that details were not made public until September when (hopefully) many systems would have been patched. If you have not applied the August patch bundle to your domain controllers stop reading and go do it now. Really

Critical Domain Controller Flaw Requires Urgent Patching Read More »

How Return-Oriented Programming exploits work

Articles / Ian Reynolds

Return-Oriented Programming is a security exploit technique used by attackers to execute code on their target system. By obtaining control of the call stack, the attacker can control the flow of existing trusted software running on the computer and manipulate it to their own ends. New research published this month has demonstrated how SPECTRE style vulnerabilities

How Return-Oriented Programming exploits work Read More »

NCSC Publishes Vulnerability Disclosure Toolkit

News, Tools / Ian Reynolds

The UK National Cyber-Security Centre has published a toolkit to help organisations setup a vulnerability disclosure programme. A vulnerability disclosure programme makes it easy for someone to provide your organisation with information if they notice a vulnerability that could impact your security. Without such a programme in place, concerned clients or researchers have to resort

NCSC Publishes Vulnerability Disclosure Toolkit Read More »

September patch Tuesday fixes 23 Critical Microsoft Vulnerabilities

Vulnerabilities / Ian Reynolds

The September 2020 patch Tuesday contain fixes for 23 Critical vulnerabilities in Microsoft products and 129 fixes in total – including a Microsoft Exchange vulnerability that can allow remote code execution simply by sending a specially crafted email to the server. A large patch bundle is a double edged sword – it’s reassuring that the

September patch Tuesday fixes 23 Critical Microsoft Vulnerabilities Read More »

The most dangerous vulnerabilities of 2020

News, Tools / Ian Reynolds

The Common Weaknesses Enumeration project has released their 2020 list of the 25 most dangerous software vulnerabilities. The list describes the types of vulnerabilities that have resulted in CVE being issued over the last two years. The project describes itself as: The 2020 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses (CWE Top

The most dangerous vulnerabilities of 2020 Read More »

Pass-the-hash attack discovered in Windows Themes

News, Vulnerabilities / Ian Reynolds

A new vector for pass-the-hash attacks has been discovered targeting Windows 10 personalisation themes. A security researcher has published details of a potential issue with the design of Windows 10 themes that can be exploited to harvest Windows and Microsoft Account login credentials. A Windows 10 theme is a collection of customisation settings for Windows

Pass-the-hash attack discovered in Windows Themes Read More »

September 2020

NatWest offers free security software to customers

HP warns of Device Manager vulnerabilities

Ransomware claims drop dramatically after mandatory scans

Critical Domain Controller Flaw Requires Urgent Patching

How Return-Oriented Programming exploits work

NCSC Publishes Vulnerability Disclosure Toolkit

September patch Tuesday fixes 23 Critical Microsoft Vulnerabilities

The most dangerous vulnerabilities of 2020

Pass-the-hash attack discovered in Windows Themes

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch