New versions have been released for the four popular implementations of VNC after Kaspersky discovered thirty-seven vulnerabilities in the software VNC (or Virtual Network Computing) is a system that allows one device to access the screen and control the keyboard and mouse of another device. Using the Remote Frame Buffer (RFB) protocol, VNC has beenRead more
Blog
HP has issued a critical firmware update for a large number of their SSD drives which will fail after 32768 hours of operation. The defect in the firmware for the SSD drives will cause them to fail and all data on the drive to be permanently lost after 32,768 hours of operation. That’s 3 years,Read more
As professionals in the technical discipline of Information Technology, it can be easy to forget that the risks that we need to guard against are more than purely technical. While it is true that patches need to be applied, security baselines followed, and firewalls configured – the job does not end there. For many organisations,Read more
Flaws in the Oracle Thin Client Framework API used in the General Ledger and Work in Progress modules of Oracle EBS leave thousands of firms vulnerable to financial fraud. Specialist Oracle security firm Onapsis has released a summary of exploits based on these vulnerabilities which they name Payday. One proof of concept demonstration shows how anRead more
There are just two patch Tuesdays left until Windows 7 and Windows Server 2008 reach their end of support cut off in January 2020. Organisations that are unable (or unwilling) to make the leap to Windows 10 do have the option to purchase extended support from Microsoft. Exactly how Volume Licensing customers can do thisRead more
Researchers demonstrate how to extract secure keys from an Intel Trusted Platform Module in 4 minutes The Trusted Platform Module (or TPM) is a secure enclave within a computer that acts as a root of trust for the operating system and secure storage area for security keys. The TPM can be implemented either as aRead more
Bluekeep is serious vulnerability in the RDP protocol affecting Windows systems. After months of waiting, active exploits have now been spotted in the wild for the first time, attempting to install cryptomining malware on the vulnerable systems. Security researcher Kevin Beaumont has been running a network of honeypots in an attempt to capture Bluekeep malware inRead more
Publishing giant Nikkei has reported they have lost $29million in an email fraud. In a press release they said: In late September 2019, an employee of Nikkei America, Inc. (New York City, United States) (“Nikkei America”), a subsidiary of Nikkei Inc. (“Nikkei”), had transferred approximately 29 million United States dollars (approximately 3.2 billion Japanese Yen)Read more
Reading about the latest hacks by alleged nation state sponsored groups from China or Russia may make for interesting lunchtime reading. But do these groups pose a real threat to the typical business? Many security managers ask themselves: Do I really need to worry about nation state actors? In this article, we will answer thatRead more
A serious remote command execution vulnerability in the PHP-FGM module when used with NGINX has been disclosed in CVE CVE-2019-11043. Since NGINX does not have a native in-process PHP runtime and uses PHP-FGM instead, the PHP-FGM module is widely used. By submitting a specially crafted (yet simple) HTTP requested to the NGINX server, it isRead more
