Ian Reynolds, Author at SecureTeam

Nimbuspwn vulnerability hits Linux

Researchers at Microsoft have documented a family of vulnerabilities that affect Linux systems, dubbed Nimbuspwn. These vulnerabilities can be chained together in order to gain root privileges on Linux systems allowing attackers to install malware and access all data on the server. The vulnerabilities in the networkd-dispatcher are tracked as CVE-2022-29799 and CVE-2022-29800. Networkd-dispatcher runs as root and […]

Nimbuspwn vulnerability hits Linux Read More »

How to improve your supply chain security

Articles, Information Assurance / Ian Reynolds

The security of every business is dependent on the security of its suppliers. From the PCs on peoples desks, to the servers in cloud, the firewalls in the office and the experts that connect to your network to tune your database or manage your servers. A security failing at any of these suppliers could allow

How to improve your supply chain security Read More »

Oracle Patches Java signature bypass flaw

News, Vulnerabilities / Ian Reynolds

Oracle has issued patches for a serious flaw in Java versions 15 to 18 which allows malicious actors to trivially forge digital signatures and TLS certificates that Java then accepts as valid. The problem lies in the Elliptic Curve Digital Signature Algorithm (ECDSA) which was re-written for Java 15 and this introduced the flaw which

Oracle Patches Java signature bypass flaw Read More »

NCSC Updates Guidance on Russian cyber threat

News / Ian Reynolds

The NCSC has issued updated guidance on the evolving threat from Russian state actors and cyber criminals due to the ongoing war in Ukraine. The joint Cybersecurity Advisory (CSA) from the cybersecurity authorities in the UK, USA, Australia, Canada and New Zealand warns that: “Evolving intelligence indicates that the Russian government is exploring options for

NCSC Updates Guidance on Russian cyber threat Read More »

What is PIPEDREAM malware?

Articles, Infrastructure / Ian Reynolds

Since Stuxnet was used to damage Iran’s nuclear aspiration in 2010, there has been a dawning realisation that malware is not just a threat in cyberspace – it can cause real world damage to industrial systems and even have fatal consequences. In 2016 Russia used Industroyer malware to turn off the electricity in Kyiv –

What is PIPEDREAM malware? Read More »

Russian hack of Ukraine power grid fails

News / Ian Reynolds

On 16:10 on Friday 8th April 2022 Russia attempted to repeat their 2016 cyberattack against the Ukrainian power grid – however this time they were foiled. Security firm ESET and the Ukraine Computer Emergency Response Team CERT-UA report how they foiled the attack from the Russian Sandworm APT group which attempted to deploy malware targeting

Russian hack of Ukraine power grid fails Read More »

Microsoft Patch Tuesday April 2022

News, Vulnerabilities / Ian Reynolds

Microsoft has released fixes for two zero-day vulnerabilities and 143 other flaws in the April 2022 patch Tuesday updates, which includes 10 Critical Remote Code Execution vulnerabilities. Elevation of Privilege Zero Days Microsoft’s definition of a zero day vulnerability is a vulnerability which is either publicly disclosed or actively exploited with no official fix available.

Microsoft Patch Tuesday April 2022 Read More »

Wyze Security Camera vulnerabilities

News, Vulnerabilities / Ian Reynolds

Wyze has finally released fixes for vulnerabilities which could give attackers direct access to live video feeds and stored recordings in their smart cameras. Researchers at Bitdefender discovered the first of three vulnerabilities back in 2019 and then waited over a year and a half to report on the third as Wyze had not produced

Wyze Security Camera vulnerabilities Read More »

What is the Spring4Shell vulnerability?

News, Vulnerabilities / Ian Reynolds

Spring is a popular enterprise grade application framework for Java, and Spring4Shell is the name given to a remote code execution vulnerability disclosed at the end of March. There has been a lot of hype and confusion in the tech press surrounding this vulnerability, including confusing it with a CVE for Spring Cloud Function which

What is the Spring4Shell vulnerability? Read More »

Azure developers targeted in supply chain attack

News, Tools / Ian Reynolds

Last week over 200 malicious packages were discovered in the npm registry targeting Azure developers with PII stealing malware. Reported by security firm JFrog, the malicious packages were uploaded to npm in a sort of typosquatting attack which targeted packages within the @azure scope. The attack method is simple: the attacker creates a malicious package

Azure developers targeted in supply chain attack Read More »

Author name: Ian Reynolds

Nimbuspwn vulnerability hits Linux

How to improve your supply chain security

Oracle Patches Java signature bypass flaw

NCSC Updates Guidance on Russian cyber threat

What is PIPEDREAM malware?

Russian hack of Ukraine power grid fails

Microsoft Patch Tuesday April 2022

Wyze Security Camera vulnerabilities

What is the Spring4Shell vulnerability?

Azure developers targeted in supply chain attack

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch