Blog

In 2016, Europol, the Netherlands Police and leading anti-virus companies joined forces to create the No More Ransom project, which to date has helped over 6 million ransomware victims recover their files and avoid paying €1billion in ransom. The nomoreransom.org website provides advice for individuals and businesses on how to protect themselves against ransomware andRead more

Microsoft has moved swiftly to publish mitigation advice for a new NTLM relay attack against Windows Domain controllers, dubbed PetitPotam. An NTLM relay attack can occur when an attacker inserts themselves between a valid client-server authentication request in a Windows Domain or tricks one system into trying to authenticate itself and so providing a copyRead more

Since the start of June there has been a confusing number of security vulnerabilities reported in the Windows Print Spooler.  Let me explain what is going on. CVE-2021-1675 This is the vulnerability that caused some initial confusion – a Remote Code Execution vulnerability in the Windows Print Spooler.  This is not the vulnerability known asRead more

Security researchers at the University of London discovered several vulnerabilities in the home grown cryptography used by the Telegram messaging app which boasts half a billion users. The four vulnerabilities discovered in Telegrams bespoke MTProto protocol highlight the dangers of trying to invent new cryptographic systems rather than using proven existing solutions.  MTProto is used byRead more

SentinelLabs has discovered a severe escalation of privilege vulnerability in a printer driver used by HP, Samsung and Xerox devices since 2005 – affecting over 390 printer models and millions of computers. The vulnerable driver gets installed on Windows systems without any user intervention, simply by plugging in a printer with a USB cable orRead more

July is another bumper month for Microsoft as they ship fixes for 117 security vulnerabilities, 13 of them rated as critical and at least 4 are currently under active attack by cyber criminals. The actively exploited vulnerabilities patched this month are: CVE-2021-34527 – Windows Print Spooler RCE Vulnerability –  aka PrintNightmare It’s third time luckyRead more

Microsoft has released an emergency patch that addresses the remote code execution vulnerability in the Windows Print Spooler, known as the PrintNightmare. According to Microsoft in their security advisory: A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could runRead more

The UK National Cyber Security Centre has issued a stark warning of the dangers posed by an ongoing Russian campaign of cyber espionage and attacks against enterprise systems and cloud environments in Europe and around the world. The Cyber Security Advisory is a joint creation of the NCSC working with the NSA, CISA and FBIRead more

Kaseya provides remote management software used by thousands of IT support firms to manage millions of their end users computers.  Kaseya was targeted in a supply chain attack to deliver ransomware to a claimed million of their customers computers. Managed Service Providers who provide outsourced IT support for small and medium sized enterprises rely onRead more

A new report from Microsoft’s security research team details how the Netgear DGN-2200 broadband router can be compromised remotely, allowing attackers access to the internal network. Microsoft’s 365 Defender Research Team has published a detailed report that explains the flaws they discovered in the firmware of the Netgear DGN-2200v1 ADSL router, that enables a remoteRead more