SecureTeam

New law to make IoT devices more secure

The UK Government has introduced new legislation which will improve the security of smartphones, IoT devices and connected appliances. The Product Security and Telecommunications Infrastructure (PSTI) Bill will require the manufacturers, importers and distributors of consumer connectable products to comply with cyber security good practices. According to the Government the regulations that flow from the new […]

New law to make IoT devices more secure Read More »

What is a PrintJack attack?

News / Ian Reynolds

A new research paper looks at the security risks posed by the printers found in most offices and homes – and coins the term PrintJack to mean the hijacking of a printer by a threat actor. The research paper outlines three types of attack that could leverage a compromised printer. The standard TCP/IP port used

What is a PrintJack attack? Read More »

Attackers rapidly target Microsoft vulnerabilities

News, Vulnerabilities / Ian Reynolds

This week there have been several exploits published that target recently published (and patched) vulnerabilities in Microsoft Exchange Server and Windows 10/11 systems. Coming just a week after Microsoft published patches for these vulnerabilities, already proof of concept code has been made available on GitHub and threat actors have started targeting the exploits hoping to

Attackers rapidly target Microsoft vulnerabilities Read More »

Blacksmith brings down the Rowhammer

News, Vulnerabilities / Ian Reynolds

Blacksmith is a new kind of Rowhammer attack that has been proved to successfully bypass existing Rowhammer protections in modern DDR4 memory chips – allowing researchers to extract security secrets and change memory contents on victim computers. What is Rowhammer? Modern computer memory chips are physically very dense – with billions of memory cells (each

Blacksmith brings down the Rowhammer Read More »

Palo Alto Networks patches VPN/Firewalls

News, Vulnerabilities / Ian Reynolds

Palo Alto Networks has released a critical patch for their firewalls with GlobalProtect Portal or Gateway interfaces. With a critical severity rating of 9.8, this memory corruption vulnerability could allow an attacker to execute remote code on the firewall with root privileges. According to the security advisory published by Palo Alto Networks: This issue is

Palo Alto Networks patches VPN/Firewalls Read More »

US Government publishes critical vulnerabilities list

News, Tools / Ian Reynolds

The US Government has published a list of security vulnerabilities that must be patched on all government systems within the next 2 weeks. Developed by the Cybersecurity and Infrastructure Security Agency (CISA) – the binding operational directive provides a list of vulnerabilities that are being exploited to attack government systems. Under the terms of the

US Government publishes critical vulnerabilities list Read More »

November Security Updates

News, Vulnerabilities / Ian Reynolds

November’s security updates bring a bundle of important fixes for vulnerabilities in Windows and Android devices Microsoft Patch Tuesday Updates Microsoft’s security update this month fixes 55 security flaws with 6 of them called out as zero-day vulnerabilities. Microsoft classifies a zero-day as a vulnerability that is either under active attack in the wild or

November Security Updates Read More »

MITRE reveals most important hardware weaknesses

News, Tools / Ian Reynolds

Creators and users of Operational Technology and IoT devices should pay attention to a new report from MITRE which reveals the Most Important Hardware Weaknesses causing security issues in 2021. For some years, MITRE has regularly reported on the most dangerous software security weaknesses by analysing the CVE vulnerability reports generated each year. Now they

MITRE reveals most important hardware weaknesses Read More »

What is a Trojan Source attack?

News, Vulnerabilities / Ian Reynolds

Trojan Source is a new kind of source code and supply chain attack that causes the source code reviewed by a human to be different from the actual software generated by the compiler – meaning the behaviour of the software will not match what the source code appears to say. In 2000, a phishing attack

What is a Trojan Source attack? Read More »

What is malspam?

News / Ian Reynolds

A new malware campaign dubbed SQUIRRELWAFFLE by Cisco Talos is being spread through malicious spam that makes use of stolen email messages to add authenticity. Malicious spam (malspam) is unsolicited email that seeks to deliver a malicious payload either through a Microsoft Office attachment or by tricking the user into clicking a link in the

What is malspam? Read More »

News

New law to make IoT devices more secure

What is a PrintJack attack?

Attackers rapidly target Microsoft vulnerabilities

Blacksmith brings down the Rowhammer

Palo Alto Networks patches VPN/Firewalls

US Government publishes critical vulnerabilities list

November Security Updates

MITRE reveals most important hardware weaknesses

What is a Trojan Source attack?

What is malspam?

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch