+44 (0)203 88 020 88

Menu

Search

Information Assurance

MITRE’s Top 25 Most Dangerous CWEs for 2023

A list of the top 25 most dangerous common weakness enumeration (CWE) software weaknesses for 2023 has been compiled by MITRE to inform people of the “most common and impactful” vulnerabilities and weaknesses affecting software over the past two years. This list was created using CVE data from the National Institute of Standards and Technology

MITRE’s Top 25 Most Dangerous CWEs for 2023 Read More »

OpenSSH Cryptomining Attacks on Linux and IoTs

Internet-facing Linux-based systems and Internet of Things (IoT) devices are being targeted in a recent attack that uses a patched version of OpenSSH to take over the devices and install cryptomining malware.    Cryptomining involves the solving of complex mathematical problems to verify the payments carried out in cryptocurrency transactions, and creating new cryptocurrency tokens

OpenSSH Cryptomining Attacks on Linux and IoTs Read More »

Critical Flaws Exploited in MOVEit Transfer Data Theft

MOVEit Transfer and MOVEit Cloud customers experienced data theft attacks through the exploit of critical vulnerabilities beginning at the end of last month. High profile organisations across the UK and USA suffered massive data breaches as a result.     Ongoing investigation into these attacks have resulted in three vulnerabilities being identified and patched by Progress

Critical Flaws Exploited in MOVEit Transfer Data Theft Read More »

Managing Supply Chain Attacks with Cyber Security

Supply chain security is an important but often overlooked step of cyber security risk management. Incidents that affect your suppliers can have as much of a damaging impact on your organisation as a direct attack would. Understanding your supply chain, and the points at which vulnerabilities can be introduced and exploited, is a key step

Managing Supply Chain Attacks with Cyber Security Read More »

New Botnet Campaign uses Critical Ruckus Flaw

Researchers at Fortinet have identified a new botnet campaign that utilises a Ruckus remote code execution (RCE) vulnerability to install malware and perform distributed denial of service (DDoS) attacks. This botnet is known as AndoryuBot due to the filename ‘Andoryu’ being used for the malware installed in this attack. It was first seen in attacks

New Botnet Campaign uses Critical Ruckus Flaw Read More »

EvilExtractor Sold as ‘Educational Tool’ is Info Stealer

EvilExtractor is an info stealer malware tool designed for data theft attacks on Windows operating systems. Researchers at Fortinet’s threat research group FortiGuard Labs have published an analysis of this tool detailing the attack method for this malware, and its impact on its victims. The research concluded that although there are no specific industries targeted

EvilExtractor Sold as ‘Educational Tool’ is Info Stealer Read More »

0

No products in the basket.

No products in the basket.