Ian Reynolds, Author at SecureTeam

Cybercriminals shift focus from consumers to businesses

Compared to Q1 2018, malware detections in businesses has increased 235% while dropping 24% for consumers. Anti-virus and security firm Malwarebytes reports in their latest Cybercrime Tactics and Techniques report that cybercriminals are following the money and shifting their focus from consumers to businesses that have more valuable assets and possibly the financial resources to […]

Cybercriminals shift focus from consumers to businesses Read More »

Office365 credential stealing tactics

News, Tools / Ian Reynolds

Organisations using Office365 are being targeted with an ingenious credential stealing campaign which uses Azure hosting to add legitimacy. First reported by Edgewave, this approach uses fake Office365 login pages which are hosted on Azure. By using Azure Blob Storage to host the html pages, the URL for the malicious webpage is delivered from the

Office365 credential stealing tactics Read More »

Why Pen-Testing Matters

Articles, Web Applications / Ian Reynolds

What is pen-testing and how does it keep your business secure? Penetration testing defined Penetration testing is a form of ethical hacking, where organisations ask a trusted expert to try to penetrate (access) their network and systems. A penetration test plays a crucial role in identifying vulnerabilities on your critical infrastructure – systems, networks, and

Why Pen-Testing Matters Read More »

MS Office now most targeted malware vector

News, Vulnerabilities / Ian Reynolds

Kaspersky has recently published information on what their security products are observing in their clients systems – and the dramatic rise of MS Office as a malware target. In 2016 MS Office was the target of 16% of attacks, behind Android at 19% and web browsers who were the dominant target with 45% of all

MS Office now most targeted malware vector Read More »

Atlassian issues critical security advisory for Confluence

News, Vulnerabilities / Ian Reynolds

Many modern software factories adopting Agile development methodologies also take on the tools of Atlassian such as Jira to managed their feature backlog and Confluence for documentation. A critical path traversal vulnerability has been discovered in the on-premises version of Confluence Server and Data Centre which will allow a remote user who has permission to

Atlassian issues critical security advisory for Confluence Read More »

Does your organisations data lurk in the shadows?

Articles, Information Assurance / Ian Reynolds

“Shadow IT” (also known as “Stealth IT”, “Client IT” or “What have those eejits in marketing done now?”) is the term used to describe IT systems which are developed and owned by business teams outside of the control or jurisdiction of an organisation’s IT department. Usually initiated with pure intentions, these systems can pose a

Does your organisations data lurk in the shadows? Read More »

500 million Windows users at risk from WinRAR

News, Vulnerabilities / Ian Reynolds

A recently disclosed absolute path traversal bug in the WinRAR utility is being actively leveraged in at least 100 unique exploits according to security firm McAfee. WinRAR is a file archiver/unarchiver for the Windows platform, popular in part as it is distributed as trialware which has led to over 500 million users installing it. The

500 million Windows users at risk from WinRAR Read More »

Microsoft improve code-signing on security updates with SHA-2

News / Ian Reynolds

Microsoft is changing the way it digitally signs updates to Windows to improve protection against supply chain attacks – ensuring only valid original patches from Microsoft are installed through the Windows update utility. Currently, Windows patches are digitally-signed using both the SHA-1 and SHA-2 algorithms; however, because of known vulnerabilities in the SHA-1 hashing algorithm,

Microsoft improve code-signing on security updates with SHA-2 Read More »

What are Formjacking attacks ?

Articles, Web Applications / Ian Reynolds

Formjacking is a type of cyber attack that can be used by an attacker to steal sensitive information that is entered by website users through forms. Most usually this type of attack targets ecommerce sites to obtain payment card details and personal information that are entered by customers; however, Formjacking attacks can target any website which

What are Formjacking attacks ? Read More »

Novel application package allows Windows malware to target MacOS and Linux

News, Vulnerabilities / Ian Reynolds

In the eternal arms race between malware creators and security vendors, a novel new tactic has emerged. Trend Micro has recently reported that Windows executables (.EXE files) are being created that target non-windows platforms such as MacOS. Because .EXE files are not supported as an executable on MacOS the built in Gatekeeper protection layer in

Novel application package allows Windows malware to target MacOS and Linux Read More »

Author name: Ian Reynolds

Cybercriminals shift focus from consumers to businesses

Office365 credential stealing tactics

Why Pen-Testing Matters

MS Office now most targeted malware vector

Atlassian issues critical security advisory for Confluence

Does your organisations data lurk in the shadows?

500 million Windows users at risk from WinRAR

Microsoft improve code-signing on security updates with SHA-2

What are Formjacking attacks ?

Novel application package allows Windows malware to target MacOS and Linux

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch