SecureTeam

SonicWall and Pulse Secure zero-day attacks

Security networking vendors SonicWall and Pulse Secure have both issued urgent alerts to customers regarding active zero-day attacks exploiting vulnerabilities in their products. SonicWall 3 zero-day vulnerabilities SonicWall has patched three zero-day vulnerabilities that affect their Email Security product. When chained together the vulnerabilities could allow an attacker to create a new administrator account on […]

SonicWall and Pulse Secure zero-day attacks Read More »

NCSC Warns of Critical Risk to unpatched Fortinet VPN devices

News, Vulnerabilities / Ian Reynolds

The UK National Cyber Security Centre has issued an alert warning organisation to urgently identify and patch Fortinet VPN devices on their networks. The NCSC alert warns : The NCSC is concerned that a significant number of organisations in the UK have not patched the Fortinet VPN vulnerability CVE-2018-13379. This continues to be actively exploited

NCSC Warns of Critical Risk to unpatched Fortinet VPN devices Read More »

SAP systems under active attack via unpatched vulnerabilities

News, Vulnerabilities / Ian Reynolds

SAP has issued an urgent security report after an increase in attacks against unpatched SAP systems using a variety of attack vectors. A new report from SAP and security firm Onapsis details how criminals are targeting mission critical SAP systems which are vulnerable due to security patches not being applied in a timely manner. The

SAP systems under active attack via unpatched vulnerabilities Read More »

What are the implications of the Facebook data breach?

News, Tools / Ian Reynolds

Facebook has been in the news this week over a data breach from 2019 when over half a billion user’s details were stolen from the company. What are the security implications for businesses today? In 2019 the Facebook website was scraped to steal the account information for over 500 million users – including combinations of

What are the implications of the Facebook data breach? Read More »

Phishing attacks use email senders to avoid spam filters

News, Vulnerabilities / Ian Reynolds

A large phishing campaign has captured 400,000 Office 365 credentials by using compromised commercial email marketing services to avoid spam filters. The Compact Phishing operation has been using compromised accounts with services including SendGrid, MailGun and Amazon SES. Commercial email marketeers work hard to ensure their email systems have a high reputation, so their emails

Phishing attacks use email senders to avoid spam filters Read More »

Why Java is recommending you uninstall Java

News / Ian Reynolds

Java is used by 90% of the Fortune 500 companies, is the second most popular programming language on the planet. So why does Java prompt users to uninstall it? All software contains bugs and vulnerabilities, so one method to limit the number of ways your computer can be attacked is to reduce the amount of

Why Java is recommending you uninstall Java Read More »

Google demonstrates Spectre attack in Chrome

News, Vulnerabilities / Ian Reynolds

At the start of 2018 details were first published of the theoretical Spectre attack which exploits flaws in the design of modern CPU to allow data to be stolen from memory. Now Google has published a working proof-of-concept. Spectre is the name given to a number of attacks that are variations on a theme –

Google demonstrates Spectre attack in Chrome Read More »

Microsoft releases One-Click ProxyLogon workaround for Exchange

News, Tools, Vulnerabilities / Ian Reynolds

Microsoft has released an easy to install one-click mitigation tool for the critical Exchange security vulnerability known as ProxyLogon as the NCSC issues an urgent alert to UK firms. The Hafnium/Proxylogon attack against Microsoft Exchange servers worldwide is escalating. Security researchers at Checkpoint report a 10 fold increase in daily attacks against Exchange e-mail servers

Microsoft releases One-Click ProxyLogon workaround for Exchange Read More »

Browsers block more ports to prevent NAT Slipstream attacks

News, Tools / Ian Reynolds

Web browsers are adding more TCP ports to their block lists in an attempt to prevent exploitation of NAT Slipstream attacks. NAT Slipstreaming is an attack which tricks the NAT router into allowing external traffic through the NAT firewall to target any internal network device by abusing protocols such as SIP or H.323 where this

Browsers block more ports to prevent NAT Slipstream attacks Read More »

How to identify ProxyLogon – Hafnium attacks on your Exchange Server

News, Vulnerabilities / Ian Reynolds

Microsoft has updated their Microsoft Safety Scanner (MSERT) tool so that it detects Web Shells installed on your Exchange servers through the ProxyLogon vulnerability. Last week Microsoft issued emergency patches to address four zero-day exploits that were being exploited by the Hafnium group. Since the disclosures, criminal groups have been targeting Microsoft Exchange Servers around

How to identify ProxyLogon – Hafnium attacks on your Exchange Server Read More »

News

SonicWall and Pulse Secure zero-day attacks

NCSC Warns of Critical Risk to unpatched Fortinet VPN devices

SAP systems under active attack via unpatched vulnerabilities

What are the implications of the Facebook data breach?

Phishing attacks use email senders to avoid spam filters

Why Java is recommending you uninstall Java

Google demonstrates Spectre attack in Chrome

Microsoft releases One-Click ProxyLogon workaround for Exchange

Browsers block more ports to prevent NAT Slipstream attacks

How to identify ProxyLogon – Hafnium attacks on your Exchange Server

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch