Ian Reynolds, Author at SecureTeam

Critical Microsoft SharePoint Vulnerability (CVE-2024-38094) Creates Remote Code Execution Threat

The recently disclosed vulnerability, CVE-2024-38094, in Microsoft SharePoint presents a significant threat to organisations by allowing attackers to execute remote code on compromised servers. This flaw stems from improper input validation when processing ASPX files in SharePoint, and it requires minimal user interaction to exploit. Once exploited, the consequences can be severe, particularly for organisations […]

Critical Microsoft SharePoint Vulnerability (CVE-2024-38094) Creates Remote Code Execution Threat Read More »

Nation-State Attackers Exploiting Critical Infrastructure: A Growing Threat

News / Ian Reynolds

Nation-state cyberattacks on critical infrastructure are becoming increasingly sophisticated and destructive, as highlighted by recent reports. In October 2024, attackers began exploiting vulnerabilities in Ivanti software used by critical sectors, including energy and transportation. These vulnerabilities allowed cyber actors to gain unauthorised access, move laterally within networks, and execute persistent attacks, sometimes even “patching” exploited

Nation-State Attackers Exploiting Critical Infrastructure: A Growing Threat Read More »

Apple Patches VoiceOver Bug That Could Read Passwords Aloud

News, Vulnerabilities / Ian Reynolds

Apple has recently addressed a significant vulnerability in its VoiceOver feature that raised privacy concerns for iPhone and iPad users. The flaw, identified as CVE-2024-44204, allowed the VoiceOver accessibility tool to read saved passwords out loud, a critical issue for users relying on this feature to navigate their devices without visual input. The bug was

Apple Patches VoiceOver Bug That Could Read Passwords Aloud Read More »

Latest Snapekit Rootkit Poses Threat to Arch Linux Users

Malware, News / Ian Reynolds

A newly discovered rootkit known as “Snapekit” has emerged, posing a significant risk to users of Arch Linux systems, particularly those running the 6.10.2-arch1-1 kernel. According to reports from multiple cybersecurity researchers, Snapekit is a highly sophisticated rootkit that exploits 21 system calls, enabling it to operate stealthily while avoiding detection. Its ability to remain

Latest Snapekit Rootkit Poses Threat to Arch Linux Users Read More »

cyber essentials, cyber essentials, iasme, willow

Cyber Essentials – What’s Changed in the Latest Willow Question Set?

Articles, News / Ian Reynolds

Recently, IASME has introduced their latest Willow question set for the NCSC Cyber Essentials Self-Assessment Certification, which will replace the current (Montpelier) questions on the 28th April, 2025. The updates in Willow reflect evolving cybersecurity needs, incorporating more detailed and specific questions to help organisations better protect themselves from cyber threats. Here are some key

Cyber Essentials – What’s Changed in the Latest Willow Question Set? Read More »

NVIDIA Vulnerability CVE-2024-0132: A Deep Dive into the Threat and Mitigation

News, Vulnerabilities / Ian Reynolds

In September 2024, NVIDIA disclosed a critical security flaw, CVE-2024-0132, affecting its NVIDIA Container Toolkit. This vulnerability has sent shockwaves through the IT and cybersecurity communities due to its severity and potential to compromise container environments. The flaw, which has been assigned a CVSS score of 9.0 out of 10, underscores the ever-present risks of

NVIDIA Vulnerability CVE-2024-0132: A Deep Dive into the Threat and Mitigation Read More »

WinRAR Remote Code Execution Flaw Patched

News, Vulnerabilities / Ian Reynolds

A high severity vulnerability has been found in RARLAB’s popular Windows file archiver WinRAR. Security researchers at the Zero Day Initiative who first identified this vulnerability in June have published a security advisory about this flaw now that an update has been issued by the vendor. This vulnerability has the possibility of allowing remote, unauthenticated

WinRAR Remote Code Execution Flaw Patched Read More »

Stack-Based Buffer Overflows in Ivanti Avalanche

News, Vulnerabilities / Ian Reynolds

Multiple stack-based buffer overflows have been identified in Ivanti Avalanche, tracked as a single vulnerability with a critical severity rating and CVSS base score of 9.8/10. Ivanti Avalanche is an enterprise mobility management (EMM) solution used by organisations to manage and monitor mobile devices securely. Researchers at Tenable discovered and investigated these flaws, publishing an

Stack-Based Buffer Overflows in Ivanti Avalanche Read More »

Microsoft Teams Used in Social Engineering Attacks

News, Social Engineering / Ian Reynolds

Highly targeted phishing attacks have been carried out by the threat actor Midnight Blizzard, previously known as NOBELIUM, via Microsoft Teams. These attacks targeted a range of organisations including government and non-government organisations, IT services, technology businesses, manufacturing, and media companies. Through social engineering techniques Midnight Blizzard were able to achieve token and credential theft

Microsoft Teams Used in Social Engineering Attacks Read More »

Author name: Ian Reynolds

Critical Microsoft SharePoint Vulnerability (CVE-2024-38094) Creates Remote Code Execution Threat

Nation-State Attackers Exploiting Critical Infrastructure: A Growing Threat

Apple Patches VoiceOver Bug That Could Read Passwords Aloud

Latest Snapekit Rootkit Poses Threat to Arch Linux Users

Cyber Essentials – What’s Changed in the Latest Willow Question Set?

NVIDIA Vulnerability CVE-2024-0132: A Deep Dive into the Threat and Mitigation

WinRAR Remote Code Execution Flaw Patched

Stack-Based Buffer Overflows in Ivanti Avalanche

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch