SecureTeam

Microsoft releases emergency patch for PrintNightmare

Microsoft has released an emergency patch that addresses the remote code execution vulnerability in the Windows Print Spooler, known as the PrintNightmare. According to Microsoft in their security advisory: A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run […]

Microsoft releases emergency patch for PrintNightmare Read More »

What is the Kaseya Ransomware attack?

News / Ian Reynolds

Kaseya provides remote management software used by thousands of IT support firms to manage millions of their end users computers. Kaseya was targeted in a supply chain attack to deliver ransomware to a claimed million of their customers computers. Managed Service Providers who provide outsourced IT support for small and medium sized enterprises rely on

What is the Kaseya Ransomware attack? Read More »

Netgear broadband router vulnerable to remote compromise

News, Vulnerabilities / Ian Reynolds

A new report from Microsoft’s security research team details how the Netgear DGN-2200 broadband router can be compromised remotely, allowing attackers access to the internal network. Microsoft’s 365 Defender Research Team has published a detailed report that explains the flaws they discovered in the firmware of the Netgear DGN-2200v1 ADSL router, that enables a remote

Netgear broadband router vulnerable to remote compromise Read More »

Critical PrintNightmare vulnerability exposes Domain controllers

News, Vulnerabilities / Ian Reynolds

Code demonstrating how to exploit an 0day vulnerability in the Windows Print Spooler was accidentally published on GitHub this week. This remote code execution vulnerability can be exploited to take control of a fully patched Windows Domain Controller. In the June 2021 Patch bundle, Microsoft delivered a fix for CVE-2021-1675, an elevation of privilege and

Critical PrintNightmare vulnerability exposes Domain controllers Read More »

How Poor Library Hygiene Compromises your Application Security

News / Ian Reynolds

Modern software development makes extensive use of open-source libraries that save development time and money. However, 79% of developers fail to keep those libraries up to date leaving their code vulnerable to newly discovered flaws and vulnerabilities. A new report from testing firm Veracode reveals some worrying trends that Security Managers should discuss with their

How Poor Library Hygiene Compromises your Application Security Read More »

iOS WiFi crashes with malicious hotspot name

News, Vulnerabilities / Ian Reynolds

iPhone users should beware after a bug is disclosed that can disable the WiFi system simply by connecting to a hotspot with a specially crafted name. The bug in iOS results from a poorly sanitised input string (Improper Input Validation) and in this case it was a failure to remove escape sequences from the input.

iOS WiFi crashes with malicious hotspot name Read More »

Ransomware is key cyber threat to UK businesses

News, Tools / Ian Reynolds

The CEO of the UK’s National Cyber Security Centre, part of GCHQ, says that the main threat facing UK businesses and consumers is ransomware coming from cyber criminals. This week Lindy Cameron delivered the Annual Security Lecture to the Royal United Services Institute where she stated that: For most UK citizens and businesses, and indeed

Ransomware is key cyber threat to UK businesses Read More »

Google Chrome 0Day RCE Fixed

News, Vulnerabilities / Ian Reynolds

Google is rolling out a new version of their Chrome web browser that fixes a remote code execution vulnerability that is under attack in the wild – the seventh zero day in Chrome so far this year. The new version of Chrome (91.0.4472.114) on Linux, Windows, and Mac resolves four high severity vulnerabilities including CVE-2021-30554

Google Chrome 0Day RCE Fixed Read More »

Windows Containers and Kubernetes under attack

News, Vulnerabilities / Ian Reynolds

Microsoft has warned that Kubernetes clusters are being targeted in a cryptomining attack while Palo Alto Networks has identified the first malware that targets Windows Containers – in order to compromise the Kubernetes clusters that host them. Cryptomining on Kubernetes Kubeflow is a popular framework for deploying Machine Learning workloads in a Kubernetes environment. Microsoft

Windows Containers and Kubernetes under attack Read More »

June Patch Tuesday and Vulnerability Roundup

News, Vulnerabilities / Ian Reynolds

The June security updates include 7 zero-day exploits fixed in Microsoft code, 5 high-severity bugs in Intel BIOS firmware and Security Library, and 21 critical vulnerabilities fixed in Adobe products. Microsoft Updates The June 2021 security updates from Microsoft resolves 7 zero-day vulnerabilities- six of them known to be exploited in the wild – and

June Patch Tuesday and Vulnerability Roundup Read More »

News

Microsoft releases emergency patch for PrintNightmare

What is the Kaseya Ransomware attack?

Netgear broadband router vulnerable to remote compromise

Critical PrintNightmare vulnerability exposes Domain controllers

How Poor Library Hygiene Compromises your Application Security

iOS WiFi crashes with malicious hotspot name

Ransomware is key cyber threat to UK businesses

Google Chrome 0Day RCE Fixed

Windows Containers and Kubernetes under attack

June Patch Tuesday and Vulnerability Roundup

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch