SecureTeam

Exchange can now automatically mitigate new vulnerabilities

The September update for Microsoft Exchange includes a new security feature for on-premises servers – they can now automatically mitigate new vulnerabilities just like the cloud versions used by Office 365. The last 12 months have not been fun for Exchange administrators with a series of high-profile vulnerabilities affecting on-premise Exchange servers resulting in the […]

Exchange can now automatically mitigate new vulnerabilities Read More »

VMware issues critical security advisory

News, Vulnerabilities / Ian Reynolds

VMware has issued a critical security advisory for customers using vCenter Server 6.5,6.7 and 7.0 – warning customers that they need to do something about it ‘right now.’ The problem (CVE-2021-22005) is a Remote Code Execution vulnerability with a CVSS score of 9.8. A malicious user with access to network port 443 is able to

VMware issues critical security advisory Read More »

Largest Ever DDoS Exceeds 21m requests per second

News / Ian Reynolds

Russian Internet firm Yandex has been fighting a DDoS attack all summer, which has reached a peak attack rate of 21.8 million requests per second, powered by a quarter of a million rogue routers that form the Meris botnet. According to security firm Qrator Labs which provides DDoS protection for Yandex, up to 56,000 devices

Largest Ever DDoS Exceeds 21m requests per second Read More »

September Patch Tuesday fixes Critical and Zero Day vulnerabilities

News, Vulnerabilities / Ian Reynolds

The September Patch Tuesday security bundle from Microsoft fixes 60 vulnerabilities including some rated as Critical and a zero-day vulnerability under active attack affecting Microsoft Office. Microsoft Security updates for September Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444) was publicised in early September when Microsoft warned Office 365 customers about the vulnerability. The flaw was

September Patch Tuesday fixes Critical and Zero Day vulnerabilities Read More »

Key lessons from the 2021 Data Breach Investigations Report

Articles, Information Assurance / Ian Reynolds

The 2021 Data Breach Investigations report provides insights from the analysis of over 29,000 real world cyber security incidents from 2020 helping Security Managers track the evolving behaviour and tactics of threat actors. The Verizon Data Breach Investigations report has become a regular fixture on the annual cyber security calendar over the last 14 years.

Key lessons from the 2021 Data Breach Investigations Report Read More »

Critical patches released for Netgear Switches

News, Vulnerabilities / Ian Reynolds

Netgear has published patches for 20 of its managed smart switches to fix three vulnerabilities that can lead to the switch being taken over by an attacker potentially giving them control over your network. With names like Demons Cries, Draconian Fear and Seventh Inferno, the vulnerabilities were addressed in patches released by Netgear on 3rd

Critical patches released for Netgear Switches Read More »

Microsoft warns Office 365 targeted by zero-day RCE

News, Vulnerabilities / Ian Reynolds

A zero-day Remote Code Execution attack targeting Office 365 and Office 2019 users has prompted Microsoft to issue a security advisory with a workaround to protect your network until a patch is available. According to the security advisory released by Microsoft: Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects

Microsoft warns Office 365 targeted by zero-day RCE Read More »

The rise and rise of BEC fraud

Articles, Social Engineering / Ian Reynolds

Business Email Compromise, and its evil brother CEO Fraud, are both email based fraud attacks that seek to trick the victim into paying a fake invoice or transferring or diverting funds through some other kind of deception. Read on to learn how to protect your business from BEC Fraud. What is BEC fraud? Business Email

The rise and rise of BEC fraud Read More »

Yet another Exchange Server vulnerability

News, Vulnerabilities / Ian Reynolds

Details have emerged of (another) Exchange Server vulnerability, called ProxyToken, which allows an attacker to reconfigure an Exchange server remotely without needing to know any passwords. Reported by the Zero Day Initiative the vulnerability affects Exchange server versions 2013 through 2019: With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging to

Yet another Exchange Server vulnerability Read More »

ProxyShell vulnerability hits Exchange Servers

News, Vulnerabilities / Ian Reynolds

ProxyShell can be exploited to achieve a Remote Code Execution without needing to know any usernames or passwords for the targeted Exchange Server – security vulnerabilities do not come any worse than this. ProxyShell is easier to exploit than the ProxyLogon attacks that hit the headlines earlier this year, prompting CISA to issue their first ever

ProxyShell vulnerability hits Exchange Servers Read More »

2021

Exchange can now automatically mitigate new vulnerabilities

VMware issues critical security advisory

Largest Ever DDoS Exceeds 21m requests per second

September Patch Tuesday fixes Critical and Zero Day vulnerabilities

Key lessons from the 2021 Data Breach Investigations Report

Critical patches released for Netgear Switches

Microsoft warns Office 365 targeted by zero-day RCE

Yet another Exchange Server vulnerability

ProxyShell vulnerability hits Exchange Servers

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch