In a recently published report on the state of the Internet security, Akami Research notes that they detected an average of 115 million credential stuffing attacks against their clients each day in 2018. Credential Stuffing is, according to OWASP: “the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. […]
Credential Stuffing on the Rise Read More »
Docker, along with Kubernetes, Containerd and all the other Linux container technologies that are based on the runc runtime module are affected by CVE-2019-5736 which allows the host runc to be overwritten and consequently obtain root access on the host server. Attackers first need to create a malicious Docker container. When this is installed on any
Docker vulnerability allows host root escalation Read More »
In 2017 MS Office files accounted for just 5% of malicious email attachments – this jumped to 48% by the end of 2018 A recent report by Symantec reveals that Microsoft Office files are increasing used as the delivery mechanism for malicious payloads over email, especially targeting businesses. In 2017 MS Office files accounted for
Microsoft Office files increasing used as attack vector Read More »
Peebles Media Group is suing a former employee who fell victim to a CEO Fraud email which cost her employer almost £200,000. CEO Fraud is a common type of cyber-crime which targets businesses. Because the CEO or Managing Director of a firm is easy to identify – often being listed on the company website or
Scottish firm sues employee after CEO Fraud scam Read More »
The popular Network Attached Storage devices from Taiwanese vendor QNAP are the subject of an active malware attack. QNAP has issued a security advisory warning that the attack is underway and offering an updated version of the QNAP Malware Remover to resolve the issue. The active evidence of the malware includes adding hundreds of entries
Active attack against QNAP NAS devices Read More »
The February 2019 Exchange Quarterly updates (https://blogs.technet.microsoft.com/exchange/2019/02/12/released-february-2019-quarterly-exchange-updates/) from Microsoft includes a fix for the NTLM relay vulnerability we reported last week. The fix changes the way Exchange Web Services operates in order to remove the ability for a man in the middle attack to capture and replay the authentication traffic and so escalate their privileges
Microsoft release fix for Exchange NTLM relay vulnerability Read More »
Microsoft has recently issued a security advisory following the discovery of an NTLM relay attack vector against on-premises Exchange servers. An attacker who is able to intercept the NTLM authentication in an NTLM relay attack, is able to discover the Exchange Server’s credentials and potentially elevate their privileges to a Domain Administrator. This would allow
Microsoft warns Exchange vulnerable to NTLM relay attacks Read More »
The Remote Desktop Protocol (RDP) is a favoured tool for many systems administrators, as it allows a connection to be made to another computer on your network and see the screen and use the mouse and keyboard as if you were physically sat in front of it. This means that for many, if not most,
Serious vulnerabilities found in RDP protocol Read More »
Remote access attacks allow authentication bypass and remote code execution Cisco has just released urgent patches for their RV320 and RV325 WAN VPN routers. The patches resolve two critical vulnerabilities in the router’s firmware: CVE-2019-1653 – allows a remote attacker to get sensitive device configuration details without a password (including the hashed passwords for all
Critical vulnerabilities affect Cisco WAN VPN Routers and Small Business Switches Read More »
A wave of DNS hijack attacks has been sweeping across Europe, the Middle-East and America according to recently published reports from FireEye and Cisco. While the attacks are creative and sophisticated, the root attack vector is often a simple credential compromise to the DNS control panel of an organisation’s domain name registrar. The scale of
Extensive DNS hijack attacks prompt urgent action Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.