Return-Oriented Programming is a security exploit technique used by attackers to execute code on their target system. By obtaining control of the call stack, the attacker can control the flow of existing trusted software running on the computer and manipulate it to their own ends. New research published this month has demonstrated how SPECTRE style vulnerabilities […]
How Return-Oriented Programming exploits work Read More »
HTML smuggling is a technique for bypassing perimeter security devices by generating malicious HTML behind the firewall – within the browser on the target endpoint. HTML Smuggling techniques sidestep traditional network security solutions such as email scanners, proxies and sandboxes by using the features of HTML5 and Javascript. This is done by generating the malicious HTML
What is HTML smuggling? Read More »
Network segmentation is a powerful and essential tool in the security manager’s arsenal that improves the security of computer networks and makes them easier to manage. Network segmentation provides protection against attackers who manage to breach the perimeter defences by limiting their ability to move laterally within the network. It can also protect key systems
What is network segmentation Read More »
What is a Next Generation Firewall and how can it help keep your network secure? The phrase ‘next generation firewall’ is increasingly being used by security vendors to describe their network security products. However, the definition of precise capabilities required to call a firewall next generation (or not) are far from universally agreed. This article
What is a Next Generation Firewall? Read More »
Verizon has published their 13th annual Data Breach Investigations Report – and it focuses on security incidents and breaches that occurred during 2019. The 2020 DBIR analysed 157,525 incidents, 32,002 in detail and confirmed 3950 breaches in 81 countries. Although the scope is global, half of the incidents in the data come from North America
Key Lessons from 2020 Data Breach Report Read More »
Security Awareness Training is an essential component of any organisation’s information security. Even though it is mandated by frameworks such as PCI-DSS or ISO 27001, Security Awareness Training should be more than just a compliance exercise. A good security awareness training programme will drive changes in behaviour amongst staff, suppliers and customers that will improve
What is Security Awareness Training Read More »
Server hardening is a set of disciplines and techniques which improve the security of an ‘off the shelf’ server. Server Hardening is requirement of security frameworks such as PCI-DSS and is typically included when organisations adopt ISO27001. What is the attack surface The aim of server hardening is to reduce the attack surface of
What is server hardening ? Read More »
Most people have heard of the dark web and the stories of the criminal activity that takes place on the dark web. For the most part, these stories are true; however, there is a lot more to the dark web than drugs, guns and stolen credit cards. In this article, we are going to be
What Is The Dark Web & How Does It Work? Read More »
Mitre ATT&CK helps security managers defend their networks by providing a framework for categorising the techniques and tactics used in real world cyberattacks. Founded in 2013 in order to document the common threats, tactics and procedures used to attack Windows networks, Mitre ATT&CK has gathered data and telemetry on real world attacks which can be
What is Mitre ATT&CK? Read More »
In recent years the main vendors of the operating systems and databases that run our businesses, schools and governments have made significant strides to provide a reliable stream of patches and upgrades which are easy to install or even automatically installed. Microsoft’s Patch Tuesday has been emulated by other vendors including Adobe and SAP. These
Infrastructure Patching Problems Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.