According to research from Google’s Open Source Insights Team, the Apache Log4j vulnerabilities affect 4% of the projects in the Java ecosystem – over 17,000 packages in the Mavern Central repository alone. Log4j is a popular library that provides logging services to many thousands of Java based applications. Earlier this month security teams and system […]
What Log4j teaches us about supply chain risks Read More »
Proof of Concept code has been published showing how to exploit two vulnerabilities that would allow an attacker to obtain domain admin privilege on your Windows Domain Controllers. In the November security patch bundle, Microsoft released patches to resolve two vulnerabilities ( CVE-2021-42287 and CVE-2021-42278 ) in the Windows Active Directory Domain Services. On December 12th a proof
Install patches to protect Domain Controllers warns Microsoft Read More »
This week Microsoft released their last monthly security patch bundle for the year, fixing six zero-day vulnerabilities – and many other companies released security updates as well. Microsoft Updates for December This month Microsoft’s security bundle includes fixes for 67 vulnerabilities with six of them classified as zero-day – which means in Microsoft’s terms: that
December Patch Tuesday updates Read More »
When it comes to security vulnerabilities, they don’t get any worse than the one recently disclosed in the Log4j utility which was awarded the maximum CVSS severity of 10. This is not some theoretical risk, it is an open door to affected systems. The NCSC calls it: ‘potentially the most severe computer vulnerability in years.’
How serious is the Log4j vulnerability? Read More »
The Glupteba botnet targets Windows computers to steal passwords or commit fraud through the infected computer and is thought to include about a million compromised devices. It is growing at a rate of thousands of new systems every day. According to Google: Glupteba is notorious for stealing users’ credentials and data, mining cryptocurrencies on infected
Google tackles Glupteba botnet Read More »
Mozilla has published a security advisory warning of a critical security vulnerability in the Network Security Services libraries which are widely used by open-source software. While the bug does not impact Mozilla Firefox, it is thought to affect many other email clients and PDF viewers that use the electronic signature verification features of the Network
Mozilla warns of digital signature vulnerability Read More »
Europol called Emotet “the world’s most dangerous malware” – and it is back in the security news this week – but what is Emotet, and how can you protect your network from Emotet based attacks? Emotet is the name given to a strain of malware and the cyber-crime organisation that created it. First detected in
What is Emotet malware? Read More »
A new report from HP’s Threat Research Blog provides details of an evasive Javascript loader that gets passed security tools 89% of the time. Remote Access Trojans (RATs) are a class of malware that is designed to gain persistent access to the target computer system, and by leveraging elevation of privilege vulnerabilities gain administrator rights
How to defend against the RATdispenser Read More »
The UK Government has introduced new legislation which will improve the security of smartphones, IoT devices and connected appliances. The Product Security and Telecommunications Infrastructure (PSTI) Bill will require the manufacturers, importers and distributors of consumer connectable products to comply with cyber security good practices. According to the Government the regulations that flow from the new
New law to make IoT devices more secure Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.