An unauthorised change to a script used by Codecov customers to upload software test results has stolen the credentials and API tokens for thousands of organisation’s development environments. Codecov is a tool used to track what percentage of an application’s source code has been exercised during software testing. To do this, it is integrated into the […]
Compromise of Codecov dev tools affects thousands of customers Read More »
Security networking vendors SonicWall and Pulse Secure have both issued urgent alerts to customers regarding active zero-day attacks exploiting vulnerabilities in their products. SonicWall 3 zero-day vulnerabilities SonicWall has patched three zero-day vulnerabilities that affect their Email Security product. When chained together the vulnerabilities could allow an attacker to create a new administrator account on
SonicWall and Pulse Secure zero-day attacks Read More »
The UK National Cyber Security Centre has issued an alert warning organisation to urgently identify and patch Fortinet VPN devices on their networks. The NCSC alert warns : The NCSC is concerned that a significant number of organisations in the UK have not patched the Fortinet VPN vulnerability CVE-2018-13379. This continues to be actively exploited
NCSC Warns of Critical Risk to unpatched Fortinet VPN devices Read More »
SAP has issued an urgent security report after an increase in attacks against unpatched SAP systems using a variety of attack vectors. A new report from SAP and security firm Onapsis details how criminals are targeting mission critical SAP systems which are vulnerable due to security patches not being applied in a timely manner. The
SAP systems under active attack via unpatched vulnerabilities Read More »
Facebook has been in the news this week over a data breach from 2019 when over half a billion user’s details were stolen from the company. What are the security implications for businesses today? In 2019 the Facebook website was scraped to steal the account information for over 500 million users – including combinations of
What are the implications of the Facebook data breach? Read More »
A large phishing campaign has captured 400,000 Office 365 credentials by using compromised commercial email marketing services to avoid spam filters. The Compact Phishing operation has been using compromised accounts with services including SendGrid, MailGun and Amazon SES. Commercial email marketeers work hard to ensure their email systems have a high reputation, so their emails
Phishing attacks use email senders to avoid spam filters Read More »
Java is used by 90% of the Fortune 500 companies, is the second most popular programming language on the planet. So why does Java prompt users to uninstall it? All software contains bugs and vulnerabilities, so one method to limit the number of ways your computer can be attacked is to reduce the amount of
Why Java is recommending you uninstall Java Read More »
At the start of 2018 details were first published of the theoretical Spectre attack which exploits flaws in the design of modern CPU to allow data to be stolen from memory. Now Google has published a working proof-of-concept. Spectre is the name given to a number of attacks that are variations on a theme –
Google demonstrates Spectre attack in Chrome Read More »
Microsoft has released an easy to install one-click mitigation tool for the critical Exchange security vulnerability known as ProxyLogon as the NCSC issues an urgent alert to UK firms. The Hafnium/Proxylogon attack against Microsoft Exchange servers worldwide is escalating. Security researchers at Checkpoint report a 10 fold increase in daily attacks against Exchange e-mail servers
Microsoft releases One-Click ProxyLogon workaround for Exchange Read More »
Web browsers are adding more TCP ports to their block lists in an attempt to prevent exploitation of NAT Slipstream attacks. NAT Slipstreaming is an attack which tricks the NAT router into allowing external traffic through the NAT firewall to target any internal network device by abusing protocols such as SIP or H.323 where this
Browsers block more ports to prevent NAT Slipstream attacks Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.