The NCSC has issued updated guidance on the evolving threat from Russian state actors and cyber criminals due to the ongoing war in Ukraine. The joint Cybersecurity Advisory (CSA) from the cybersecurity authorities in the UK, USA, Australia, Canada and New Zealand warns that: “Evolving intelligence indicates that the Russian government is exploring options for […]
NCSC Updates Guidance on Russian cyber threat Read More »
Since Stuxnet was used to damage Iran’s nuclear aspiration in 2010, there has been a dawning realisation that malware is not just a threat in cyberspace – it can cause real world damage to industrial systems and even have fatal consequences. In 2016 Russia used Industroyer malware to turn off the electricity in Kyiv –
What is PIPEDREAM malware? Read More »
On 16:10 on Friday 8th April 2022 Russia attempted to repeat their 2016 cyberattack against the Ukrainian power grid – however this time they were foiled. Security firm ESET and the Ukraine Computer Emergency Response Team CERT-UA report how they foiled the attack from the Russian Sandworm APT group which attempted to deploy malware targeting
Russian hack of Ukraine power grid fails Read More »
Microsoft has released fixes for two zero-day vulnerabilities and 143 other flaws in the April 2022 patch Tuesday updates, which includes 10 Critical Remote Code Execution vulnerabilities. Elevation of Privilege Zero Days Microsoft’s definition of a zero day vulnerability is a vulnerability which is either publicly disclosed or actively exploited with no official fix available.
Microsoft Patch Tuesday April 2022 Read More »
Wyze has finally released fixes for vulnerabilities which could give attackers direct access to live video feeds and stored recordings in their smart cameras. Researchers at Bitdefender discovered the first of three vulnerabilities back in 2019 and then waited over a year and a half to report on the third as Wyze had not produced
Wyze Security Camera vulnerabilities Read More »
Spring is a popular enterprise grade application framework for Java, and Spring4Shell is the name given to a remote code execution vulnerability disclosed at the end of March. There has been a lot of hype and confusion in the tech press surrounding this vulnerability, including confusing it with a CVE for Spring Cloud Function which
What is the Spring4Shell vulnerability? Read More »
Last week over 200 malicious packages were discovered in the npm registry targeting Azure developers with PII stealing malware. Reported by security firm JFrog, the malicious packages were uploaded to npm in a sort of typosquatting attack which targeted packages within the @azure scope. The attack method is simple: the attacker creates a malicious package
Azure developers targeted in supply chain attack Read More »
Google has released a patch for a zero day exploit in Google Chrome – the second zero day patched so far this year. Tracked as CVE-2022-1096, this High severity Type Confusion vulnerability was reported on 23rd March and a patch was released just 48 hours later. Google is aware that an exploit exists in the
Google Chrome Zero Day Patched Read More »
‘Use After Free’ is the name given to security vulnerabilities that occur because of a problem with the way an application is managing its memory. When one part of a program attempts to use some memory that another part of the program has released because it is no longer needed the application may crash, produce
What is a Use After Free Vulnerability? Read More »
Earlier this month, the Vue.js JavaScript framework was subject to a supply chain attack via the npm ecosystem. The node-ipc package was sabotaged by its creator and was pulled into other people’s projects resulting in anti-war messages being displayed to users and, in some cases, data destruction. Node-ipc is a popular module used in the
Npm sabotaged by Ukraine protest Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.