Blog

Long considered a theoretical attack, HTTP request smuggling is now ‘soaring in popularity’ according to a new research paper published this month.  What is HTTP request smuggling and what risk does it pose to your network? HTTP Request Smuggling (HRS) was first documented back in 2005.  It is made possible by the way different webRead more

A new research paper looks at the security risks posed by the printers found in most offices and homes – and coins the term PrintJack to mean the hijacking of a printer by a threat actor. The research paper outlines three types of attack that could leverage a compromised printer.  The standard TCP/IP port usedRead more

This week there have been several exploits published that target recently published (and patched) vulnerabilities in Microsoft Exchange Server and Windows 10/11 systems. Coming just a week after Microsoft published patches for these vulnerabilities, already proof of concept code has been made available on GitHub and threat actors have started targeting the exploits hoping toRead more

Blacksmith is a new kind of Rowhammer attack that has been proved to successfully bypass existing Rowhammer protections in modern DDR4 memory chips – allowing researchers to extract security secrets and change memory contents on victim computers. What is Rowhammer? Modern computer memory chips are physically very dense – with billions of memory cells (eachRead more

Palo Alto Networks has released a critical patch for their firewalls with GlobalProtect  Portal or Gateway interfaces.  With a critical severity rating of 9.8, this memory corruption vulnerability could allow an attacker to execute remote code on the firewall with root privileges. According to the security advisory published by Palo Alto Networks: This issue isRead more

At the turn of midnight at the end of October, parts of Windows 11 suddenly stopped working. The reason why the Snipping Tool, touch keyboard and emoji panel refused to run was an expired certificate.  Microsoft rushed out an emergency fix to restore some of the broken parts of Windows 11 on the 5th November.Read more

The US Government has published a list of security vulnerabilities that must be patched on all government systems within the next 2 weeks.  Developed by the Cybersecurity and Infrastructure Security Agency (CISA) – the binding operational directive provides a list of vulnerabilities that are being exploited to attack government systems.  Under the terms of theRead more

November’s security updates bring a bundle of important fixes for vulnerabilities in Windows and Android devices Microsoft Patch Tuesday Updates Microsoft’s security update this month fixes 55 security flaws with 6 of them called out as zero-day vulnerabilities.  Microsoft classifies a zero-day as a vulnerability that is either under active attack in the wild orRead more

Creators and users of Operational Technology and IoT devices should pay attention to a new report from MITRE which reveals the Most Important Hardware Weaknesses causing security issues in 2021. For some years, MITRE has regularly reported on the most dangerous software security weaknesses by analysing the CVE vulnerability reports generated each year.  Now theyRead more

Trojan Source is a new kind of source code and supply chain attack that causes the source code reviewed by a human to be different from the actual software generated by the compiler – meaning the behaviour of the software will not match what the source code appears to say. In 2000, a phishing attackRead more