SecureTeam

Critical PrintNightmare vulnerability exposes Domain controllers

Code demonstrating how to exploit an 0day vulnerability in the Windows Print Spooler was accidentally published on GitHub this week. This remote code execution vulnerability can be exploited to take control of a fully patched Windows Domain Controller. In the June 2021 Patch bundle, Microsoft delivered a fix for CVE-2021-1675, an elevation of privilege and […]

Critical PrintNightmare vulnerability exposes Domain controllers Read More »

How Poor Library Hygiene Compromises your Application Security

News / Ian Reynolds

Modern software development makes extensive use of open-source libraries that save development time and money. However, 79% of developers fail to keep those libraries up to date leaving their code vulnerable to newly discovered flaws and vulnerabilities. A new report from testing firm Veracode reveals some worrying trends that Security Managers should discuss with their

How Poor Library Hygiene Compromises your Application Security Read More »

iOS WiFi crashes with malicious hotspot name

News, Vulnerabilities / Ian Reynolds

iPhone users should beware after a bug is disclosed that can disable the WiFi system simply by connecting to a hotspot with a specially crafted name. The bug in iOS results from a poorly sanitised input string (Improper Input Validation) and in this case it was a failure to remove escape sequences from the input.

iOS WiFi crashes with malicious hotspot name Read More »

Ransomware is key cyber threat to UK businesses

News, Tools / Ian Reynolds

The CEO of the UK’s National Cyber Security Centre, part of GCHQ, says that the main threat facing UK businesses and consumers is ransomware coming from cyber criminals. This week Lindy Cameron delivered the Annual Security Lecture to the Royal United Services Institute where she stated that: For most UK citizens and businesses, and indeed

Ransomware is key cyber threat to UK businesses Read More »

Google Chrome 0Day RCE Fixed

News, Vulnerabilities / Ian Reynolds

Google is rolling out a new version of their Chrome web browser that fixes a remote code execution vulnerability that is under attack in the wild – the seventh zero day in Chrome so far this year. The new version of Chrome (91.0.4472.114) on Linux, Windows, and Mac resolves four high severity vulnerabilities including CVE-2021-30554

Google Chrome 0Day RCE Fixed Read More »

Windows Containers and Kubernetes under attack

News, Vulnerabilities / Ian Reynolds

Microsoft has warned that Kubernetes clusters are being targeted in a cryptomining attack while Palo Alto Networks has identified the first malware that targets Windows Containers – in order to compromise the Kubernetes clusters that host them. Cryptomining on Kubernetes Kubeflow is a popular framework for deploying Machine Learning workloads in a Kubernetes environment. Microsoft

Windows Containers and Kubernetes under attack Read More »

June Patch Tuesday and Vulnerability Roundup

News, Vulnerabilities / Ian Reynolds

The June security updates include 7 zero-day exploits fixed in Microsoft code, 5 high-severity bugs in Intel BIOS firmware and Security Library, and 21 critical vulnerabilities fixed in Adobe products. Microsoft Updates The June 2021 security updates from Microsoft resolves 7 zero-day vulnerabilities- six of them known to be exploited in the wild – and

June Patch Tuesday and Vulnerability Roundup Read More »

HPE patches RCE 0day in SIM software

News, Vulnerabilities / Ian Reynolds

Hewlett Packard Enterprise has released a patch to fix a critical remote code execution vulnerability in the Windows version of their System Insight Manager. The bug in the Federated Search and CMS Configuration (CVE-2020-7200) feature of version 7.6.x of HPE SIM, has a critical CVSS score of 9.8. According to the security advisory from HPE,

HPE patches RCE 0day in SIM software Read More »

Worlds largest beef supplier hit by ransomware

News / Ian Reynolds

The world’s largest meat producer had to shut down operations in the USA and Australia for several days after a cyberattack at the weekend. JBS Foods operates in 190 countries with 245,000 employees. According to a company statement: On Sunday, May 30, JBS USA determined that it was the target of an organized cybersecurity attack,

Worlds largest beef supplier hit by ransomware Read More »

Firefox Fission enhances web security

News, Tools / Ian Reynolds

Firefox has rolled out a new Site Isolation feature that greatly improves the security of the web browser by isolating every domain visited into a separate process. This provides protection against Meltdown and Spectre style attacks and cross site attacks that attempt to thwart the Same-Origin policy. Known internally as Project Fission, this significant development

Firefox Fission enhances web security Read More »

News

Critical PrintNightmare vulnerability exposes Domain controllers

How Poor Library Hygiene Compromises your Application Security

iOS WiFi crashes with malicious hotspot name

Ransomware is key cyber threat to UK businesses

Google Chrome 0Day RCE Fixed

Windows Containers and Kubernetes under attack

June Patch Tuesday and Vulnerability Roundup

HPE patches RCE 0day in SIM software

Worlds largest beef supplier hit by ransomware

Firefox Fission enhances web security

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch