SecureTeam

Critical Microsoft DNS RCE Vulnerability

Microsoft has released a patch to resolve a critical remote code execution vulnerability that has lived in the DNS server code for 17 years. A blog post from the Microsoft Security Response Centre states: Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw […]

Critical Microsoft DNS RCE Vulnerability Read More »

Critical SAP Vulnerability Patched

News, Vulnerabilities / Ian Reynolds

The July patch bundle from SAP includes a critical patch to resolve a vulnerability in the NetWeaver application server which could allow an unauthenticated attacker to gain unrestricted access to the SAP environment and database. According to the description for the vulnerability recorded as CVE CVE-2020-6287 : SAP NetWeaver AS JAVA (LM Configuration Wizard), versions

Critical SAP Vulnerability Patched Read More »

Server certificates valid for 13 months from September

News / Ian Reynolds

Mozilla and Google have confirmed they will be aligning with Apple and their browsers will reject any web server certificate issued after 1st September which is valid for more than a year. Apple announced the move to only support 1 year certificates back in February and now Mozilla and Google (and thus all the Chromium

Server certificates valid for 13 months from September Read More »

Ripple20 vulnerability affects millions of devices

News / Ian Reynolds

For 20 years a small two person firm in Ohio has licensed their TCP/IP software stack for use in embedded systems and IoT devices – from printers to medical devices. In June a collection of 19 vulnerabilities in this software was disclosed – affecting millions of devices from 50 different vendors. The collection of vulnerabilities

Ripple20 vulnerability affects millions of devices Read More »

Netgear SOHO Router Vulnerabilities

News, Vulnerabilities / Ian Reynolds

A Zero-Day Remote Code Execution vulnerability affects 79 different Netgear routers With the significant increase in home-working due to the COVID pandemic, the security of home workers’ connectivity is under scrutiny. Security researchers have detailed a serious vulnerability in the firmware of many Netgear routers popular in small and home office set-ups. The vulnerability exists

Netgear SOHO Router Vulnerabilities Read More »

AWS deflects largest every DDoS

News / Ian Reynolds

Amazon Web Services has revealed that in May 2020 it deflected the largest ever recorded DDoS attack. The previous largest Distributed Denial of Service (DDoS) attack had been against GitHub in 2018 which was measured at 1.3 Terabits (Thousand Billion bits per second) – the attack against AWS in May was almost double at 2.3

AWS deflects largest every DDoS Read More »

LastPass study reveals extent of password reuse

News / Ian Reynolds

Security software provider LastPass has published their third Annual Global Password Security Report which reveals the extent of password reuse. LastPass has analysed the anonymised data and usage patterns of their enterprise password vault used by 47,000 organisations around the world. Some key data points from the report: For Businesses under 25 employees the average

LastPass study reveals extent of password reuse Read More »

VideoLAN patches RCE vulnerability in VLC

News, Vulnerabilities / Ian Reynolds

VideoLAN has released a patch for their popular VLC Media player software to resolve a remote code execution vulnerability The VLC open source media player is widely used in domestic and enterprise environments for playback of all kinds of video files and digital signage applications. In a security bulletin, the developer state that: If successful, a malicious

VideoLAN patches RCE vulnerability in VLC Read More »

OpenSSH to drop support for SHA-1

News, Tools / Ian Reynolds

The developers of the OpenSSH implementation of Secure Shell have announced their intention to drop support for SHA-1 in a ‘near future release.’ OpenSSH is used by millions of system administrators to securely access networked systems. OpenSSH supports various encryption algorithms and the decision to drop support for SHA-1 comes as recent research demonstrates it

OpenSSH to drop support for SHA-1 Read More »

Record breaking June Patch Tuesday

News, Vulnerabilities / Ian Reynolds

In June 2020 Microsoft’s Patch Tuesday fixes a record 129 defects and vulnerabilities in its software – with a further 19 patches in the June Microsoft Office patch bundle. This continues a recent trend of ever-increasing numbers of patches included in the monthly updates from Microsoft (the two previous highest number of patches were in

Record breaking June Patch Tuesday Read More »

News

Critical Microsoft DNS RCE Vulnerability

Critical SAP Vulnerability Patched

Server certificates valid for 13 months from September

Ripple20 vulnerability affects millions of devices

Netgear SOHO Router Vulnerabilities

AWS deflects largest every DDoS

LastPass study reveals extent of password reuse

VideoLAN patches RCE vulnerability in VLC

OpenSSH to drop support for SHA-1

Record breaking June Patch Tuesday

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch