In recent years the main vendors of the operating systems and databases that run our businesses, schools and governments have made significant strides to provide a reliable stream of patches and upgrades which are easy to install or even automatically installed. Microsoft’s Patch Tuesday has been emulated by other vendors including Adobe and SAP. TheseRead more
Blog
Microsoft has released details of a zero-day remote code execution vulnerability which is being actively exploited to attack Windows computers. It affects all versions of Internet Explorer running on Windows 7, 8.1 and 10. The problems lies in one of the two javascript engines available within IE. Since a webpage can request IE to useRead more
In a recent whitepaper, Microsoft provides advice on how to spot RDP attacks in Windows event logs while the attack is still underway. The paper titled: “Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks” succinctly explains the risk posed by RDP servers when published to the internet:Read more
Security Information and Event Management – SIEM – is the ability to collate and analyse events from across the network in real time in order to detect security incidents and attacks. Many organisations first encounter SIEM when it becomes a compliance exercise in order meet the requirements of a security framework such as PCI-DSS orRead more
Cable Haunt is a vulnerability in millions of cable modems which allows an attacker to execute arbitrary code on the modem. This vulnerability is interesting for two reasons – firstly the scale due to the number of vulnerable devices and secondly how the vulnerability came about. Cable Haunt is a buffer overflow defect in theRead more
The last ever Windows 7 Patch Tuesday update also includes a fix to a long standing bug in the Windows cryptographic library (CryptoAPI) which could allow attackers to spoof digital certificates and conduct man-in-the-middle attacks. Microsoft has long warned that January 2020 was the end of support for Windows 7, meaning that this is expectedRead more
A remote code execution vulnerability has been discovered in SQLite, dubbed Magellan 2.0 by the research team that discovered it. Tencent’s Blade security research team has published some details of a remote code execution vulnerability that affects all version of SQLite prior to the latest patch issued on 13 December 2019. SQLite is a widely usedRead more
When Positive Technologies reported a serious flaw in a core element of the Citrix architecture just before Christmas, they predicted up to 80,000 businesses could be at risk. If that vulnerability is exploited, attackers obtain direct access to the company’s local network from the Internet. This attack does not require access to any accounts, and thereforeRead more
In a statement posted on Twitter, Foreign Exchange specialist Travelex confirms that its systems had been subject to a cyberattack on New Years Eve and that many systems and services had been taken offline as a precaution. Four days into the incident, the main Travelex UK home page was still displaying an ASP.NET default errorRead more
The release of the final Star Wars movie this month has been accompanied by a surge in fake download sites offering early or free access to the film while really depositing malware onto fans computers. For organisations that allow employees to take laptops home for the holidays, this may pose an additional risk if theRead more
