The NAT Slipstreaming2.0 attack exploits the standard support for VOIP routing in NAT routers/firewalls to expose all devices on the internal network to attack from the internet. A new variant of the NAT Slipstreaming attack has been published which extends the attack to abuse the H.323 protocol used by VOIP devices to manage call forwarding. […]
What is the Nat Slipstreaming2.0 Attack? Read More »
This week both SonicWall and Cisco have released patches for critical vulnerabilities in their networking products. SonicWall zero day The SonicWall vulnerability (CVE-2021-20016) is a zero-day under active attack – in fact it was used to breach SonicWall’s own network in January according to their security advisory. The flaw affects SonicWall SMA 100 series devices
SonicWall and Cisco patch critical vulnerabilities Read More »
In their tenth annual Payment Security Report, Verizon reveals the security trends affecting businesses that seek PCI-DSS compliance and cybersecurity lessons applicable to all organisations. This year’s 140 page Payment Security Report from Verizon focuses on the role and challenges of the CISO and how this relates to the performance and security of businesses in
Lessons from 2020 Payment Security Report Read More »
Described as the most sophisticated hack ever – what is the SolarWinds hack and how might it affect your business? SolarWinds provides network monitoring software to thousands of large enterprises and government departments. One of the SolarWinds products, called Orion, was compromised in a supply chain attack, and was then used to deliver Solarigate malware
SolarWinds and Solarigate Hacks Explained Read More »
Apple has released iOS 14.4 which contains fixes for two critical security vulnerabilities which they admit may have been actively exploited in the wild. The first flaw (CVE-2021-1871, CVE-2021-1870) in iOS and iPadOS is a WebKit vulnerability which could be exploited by a malicious webpage in the Safari browser to execute arbitrary code on the
Apple patches critical iOS vulnerabilities Read More »
A serious bug in the Linux SUDO utility has been discovered that allows any user to gain root privilege on a Linux system. The flaw was discovered by security firm Qualys and they describe it in their blog post as a heap overflow vulnerability that means: any unprivileged user can gain root privileges on a
Critical SUDO vulnerability discovered Read More »
Daily GDPR breach notifications are up 20% and fines are up 39% according to a new report. Law firm DLA Piper has published their third annual GDPR Fines and Data Breech Survey which reveals the number of breaches being reported is rising along with the number and level of fines being imposed. In the post-Brexit
GDPR Fines continue to grow Read More »
Microsoft continues to roll out changes to mitigate the Zerologon vulnerability and a change due in the February Patch Tuesday could break non-Windows device’s ability to connect to the domain. The Zerologon vulnerability is a flaw in the Microsoft NetLogon protocol. Tracked as CVE-2020-1472 the vulnerability allows an unauthenticated user to change passwords on the
NetLogon Security Changes coming in February Read More »
The American CISA has warned they have detected ongoing attacks against several organisations cloud services. The alert from CISA states that: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within
CISA Warns of Pass-the-Cookie attack Read More »
Microsoft starts the year with their first patch Tuesday bundle of security fixes targeting 10 Critical vulnerabilities include a zero-day being exploited in Windows Defender. The Windows Defender vulnerability (CVE-2021-1647) is reported by Microsoft as having been detected under active exploitation in the wild – but precious little context information is provided under the firm’s
Microsoft Patches Critical Bugs Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.