Blog

By using Pass-the-cookie techniques, attackers can access web applications without knowing a userid, password or even the one-time password from a multi-factor system. And if the web application in question is the management console for your AWS, Google or Azure environment then they stolen have the keys to your kingdom. In January 2021, CISA drewRead more

A large phishing campaign has captured 400,000 Office 365 credentials by using compromised commercial email marketing services to avoid spam filters. The Compact Phishing operation has been using compromised accounts with services including SendGrid, MailGun and Amazon SES. Commercial email marketeers work hard to ensure their email systems have a high reputation, so their emailsRead more

Java is used by 90% of the Fortune 500 companies, is the second most popular programming language on the planet.  So why does Java prompt users to uninstall it? Remove Java when it is no longer needed All software contains bugs and vulnerabilities, so one method to limit the number of ways your computer canRead more

At the start of 2018 details were first published of the theoretical Spectre attack which exploits flaws in the design of modern CPU to allow data to be stolen from memory.  Now Google has published a working proof-of-concept. Spectre is the name given to a number of attacks that are variations on a theme –Read more

Microsoft has released an easy to install one-click mitigation tool for the critical Exchange security vulnerability known as ProxyLogon as the NCSC issues an urgent alert to UK firms. The Hafnium/Proxylogon attack against Microsoft Exchange servers worldwide is escalating.  Security researchers at Checkpoint report a 10 fold increase in daily attacks against Exchange e-mail serversRead more

Business Continuity Planning (BCP) is the deliberate assessment of the risks to the organisation’s people and information – and then taking steps to mitigate those risks should they occur. Business Leaders may be tempted to think ‘it would never happen to us’ or allow survivorship bias to cloud their risk appetite. But, without a BusinessRead more

Web browsers are adding more TCP ports to their block lists in an attempt to prevent exploitation of NAT Slipstream attacks. NAT Slipstreaming is an attack which tricks the NAT router into allowing external traffic through the NAT firewall to target any internal network device by abusing protocols such as SIP or H.323 where thisRead more

Microsoft has updated their Microsoft Safety Scanner (MSERT) tool so that it detects Web Shells installed on your Exchange servers through the ProxyLogon vulnerability. Last week Microsoft issued emergency patches to address four zero-day exploits that were being exploited by the Hafnium group.  Since the disclosures, criminal groups have been targeting Microsoft Exchange Servers aroundRead more

Programmable Logic Controllers manage industrial systems of all kinds, from oil rigs to vaccine production and one of the leading manufacturers of PLC is Rockwell Automation. A bad-as-it-gets (CVSS 10) vulnerability has been discovered that affects the Logix line of PLC devices. According to the alert issued by the US CERT: Successful exploitation of thisRead more

Microsoft has published details and out of cycle patches for several 0-day Exchange exploits under active attack. Microsoft Security Response Center advises: Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect against these exploits and to prevent future abuse across the ecosystem.   The exploits have been linked to theRead more