November’s security updates bring a bundle of important fixes for vulnerabilities in Windows and Android devices Microsoft Patch Tuesday Updates Microsoft’s security update this month fixes 55 security flaws with 6 of them called out as zero-day vulnerabilities. Microsoft classifies a zero-day as a vulnerability that is either under active attack in the wild or […]
November Security Updates Read More »
Creators and users of Operational Technology and IoT devices should pay attention to a new report from MITRE which reveals the Most Important Hardware Weaknesses causing security issues in 2021. For some years, MITRE has regularly reported on the most dangerous software security weaknesses by analysing the CVE vulnerability reports generated each year. Now they
MITRE reveals most important hardware weaknesses Read More »
Trojan Source is a new kind of source code and supply chain attack that causes the source code reviewed by a human to be different from the actual software generated by the compiler – meaning the behaviour of the software will not match what the source code appears to say. In 2000, a phishing attack
What is a Trojan Source attack? Read More »
At the RSA Conference in 2004, Bill Gates predicted the death of the password. 17 years later Microsoft is finally bringing that prediction to pass with the roll out of passwordless logins for Microsoft 365 services. How does it work, and is it secure? Bill Gates said in 2004: “There is no doubt that over
What is passwordless security? Read More »
A new malware campaign dubbed SQUIRRELWAFFLE by Cisco Talos is being spread through malicious spam that makes use of stolen email messages to add authenticity. Malicious spam (malspam) is unsolicited email that seeks to deliver a malicious payload either through a Microsoft Office attachment or by tricking the user into clicking a link in the
A javascript library downloaded millions of times each week was compromised in a supply chain attack which targeted the npm software registry. npm describes itself as the worlds largest software registry, and is used to host and share thousands of open source and private software projects. The javascript library in question is used by companies
Javascript supply chain attack hits millions of users Read More »
Microsoft has released patches for two security vulnerabilities in PowerShell which could allow a malicious script to circumvent the protection offered by Windows Defender Application Control. PowerShell is a cross-platform command-line shell used extensively in the administration of Windows and Azure servers. It is also popular with malicious users due to its power and flexibility
PowerShell Patches security flaws Read More »
LightBasin is a sophisticated threat actor that has established a persistent, long term presence in the heart of the network of at least 13 telecommunication companies around the world since 2019. According to research from Crowdstrike, the threat actor group known as UNC1945 or LightBasin, has been infiltrating the Linux and Solaris systems which run
LightBasin hacks telcos around the world Read More »
Microsoft’s 2021 Digital Defense Report provides a useful summary of the current and emerging threat landscape for Security Managers and CISOs. Read on for our summary of the key lessons from this year’s report. Cyber crime for Dummies We have seen increased industrialisation and commercialisation of cyber-crime over the last year. Criminal gangs are
2021 Digital Defense Report Read More »
Three decades ago, Microsoft released Excel 4.0 with support for XLM macro files. A firm favourite with threat actors, XLM macros can be easily subverted to drop malware onto a victim’s computer through email campaigns that deliver malicious Office365 documents such as fake invoices and reports. Microsoft has now announced that XLM macros will be
Excel XLM Macros to be disabled by default – sometimes Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.