A report from PaloAlto Networks coins a new security metric: Mean Time to Inventory in order to highlight the incredible speed with which attackers are now targeting new vulnerabilities as soon as they are publicly disclosed. The report is based on three month’s monitoring of 50 million IP addresses owned by global enterprises in order […]
What is Mean Time To Inventory? Read More »
New research into the market for exploits on the Dark Web reveals that 61% of exploits sold target Microsoft products including Windows OS, Office, RDP and Internet Explorer. The research presented by Trend Micro at the RSA 2021 Conference this week is the result of a year-long study of 600 dark web forums and markets
Criminals favour Microsoft exploits above all Read More »
Design and Implementation flaws in Wi-Fi standards have been disclosed that could leave home and enterprise Wi-Fi networks vulnerable. The flaws are thought to affect all Wi-Fi systems from WEP through to the latest WPA3 security standard. The vulnerabilities have been named FragAttacks as they are mainly related to flaws in the way Wi-Fi fragments
Wi-Fi FragAttacks expose flaws in WPA2, WPA3 Read More »
May Patch Tuesday sees four critical vulnerabilities patched by Microsoft and Adobe ships a fix for an Acrobat Reader zero-day that is under attack in the wild. Microsoft Patch Tuesday May 2021 55 vulnerabilities, 4 critical, are resolved in the May security patch bundle from Microsoft. Of particular note are: CVE-2021-31166 which is a Windows
Microsoft and Adobe release patches for zero day vulnerabilities Read More »
Over 25% of the TOR network exit nodes have been under the control of malicious actors who are performing man-in-the-middle attacks against network users. What is the TOR Network The TOR Network is a volunteer run network of relay servers that aims to provide anonymous and secure internet access that prevents its users from being
Users of TOR network hit by man-in-the-middle attacks Read More »
21 critical vulnerabilities have been discovered in the Exim Email server, some of which can be exploited to perform full remote unauthenticated code execution and gain root privilege on the server. Called 21Nails, this set of vulnerabilities is, to the Unix world, as serious as the ProxyLogon vulnerabilities recently discovered in Microsoft Exchange Server. The
Exim Mail Server 21Nails critical vulnerabilities Read More »
For the last 12 years, a driver deployed on millions of Dell computer systems contains 5 severe vulnerabilities which can be exploited to take over the system. First reported by researchers at SentinelOne, the vulnerabilities allow a local user to escalate their privilege and obtain admin rights on the Windows operating system. The vulnerabilities are
Millions of Dell systems vulnerable Read More »
Microsoft Defender for Endpoint now works with Intel’s low level CPU hardware based Threat Detection Technology to spot and block cryptojacking malware. Intel Threat Detection Technology (TDT) uses machine learning to analyse low level telemetry from the CPU’s performance monitoring subsystem to identify that cryptomining is happening and then signals Microsoft Defender to do something
Microsoft and Intel enhance Cryptojacking protection Read More »
Apple has released MacOS 11.3 which patches a critical zero-day bug that allows malware to bypass the built in Gatekeeper and Notarization protections designed to protect users from malicious software. The bug is already under active attack from Shlayer malware and because it is trivial to replicate, you can expect to see a slew of
Apple patches critical zero-day in MacOS Read More »
An unauthorised change to a script used by Codecov customers to upload software test results has stolen the credentials and API tokens for thousands of organisation’s development environments. Codecov is a tool used to track what percentage of an application’s source code has been exercised during software testing. To do this, it is integrated into the
Compromise of Codecov dev tools affects thousands of customers Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.