The US Government has published a list of security vulnerabilities that must be patched on all government systems within the next 2 weeks. Developed by the Cybersecurity and Infrastructure Security Agency (CISA) – the binding operational directive provides a list of vulnerabilities that are being exploited to attack government systems. Under the terms of the […]
US Government publishes critical vulnerabilities list Read More »
Creators and users of Operational Technology and IoT devices should pay attention to a new report from MITRE which reveals the Most Important Hardware Weaknesses causing security issues in 2021. For some years, MITRE has regularly reported on the most dangerous software security weaknesses by analysing the CVE vulnerability reports generated each year. Now they
MITRE reveals most important hardware weaknesses Read More »
A javascript library downloaded millions of times each week was compromised in a supply chain attack which targeted the npm software registry. npm describes itself as the worlds largest software registry, and is used to host and share thousands of open source and private software projects. The javascript library in question is used by companies
Javascript supply chain attack hits millions of users Read More »
Three decades ago, Microsoft released Excel 4.0 with support for XLM macro files. A firm favourite with threat actors, XLM macros can be easily subverted to drop malware onto a victim’s computer through email campaigns that deliver malicious Office365 documents such as fake invoices and reports. Microsoft has now announced that XLM macros will be
Excel XLM Macros to be disabled by default – sometimes Read More »
The September update for Microsoft Exchange includes a new security feature for on-premises servers – they can now automatically mitigate new vulnerabilities just like the cloud versions used by Office 365. The last 12 months have not been fun for Exchange administrators with a series of high-profile vulnerabilities affecting on-premise Exchange servers resulting in the
Exchange can now automatically mitigate new vulnerabilities Read More »
In 2016, Europol, the Netherlands Police and leading anti-virus companies joined forces to create the No More Ransom project, which to date has helped over 6 million ransomware victims recover their files and avoid paying €1billion in ransom. The nomoreransom.org website provides advice for individuals and businesses on how to protect themselves against ransomware and
How the No More Ransom project helps victims of ransomware Read More »
Security researchers at the University of London discovered several vulnerabilities in the home grown cryptography used by the Telegram messaging app which boasts half a billion users. The four vulnerabilities discovered in Telegrams bespoke MTProto protocol highlight the dangers of trying to invent new cryptographic systems rather than using proven existing solutions. MTProto is used by
Telegram vulnerabilities discovered Read More »
The CEO of the UK’s National Cyber Security Centre, part of GCHQ, says that the main threat facing UK businesses and consumers is ransomware coming from cyber criminals. This week Lindy Cameron delivered the Annual Security Lecture to the Royal United Services Institute where she stated that: For most UK citizens and businesses, and indeed
Ransomware is key cyber threat to UK businesses Read More »
Firefox has rolled out a new Site Isolation feature that greatly improves the security of the web browser by isolating every domain visited into a separate process. This provides protection against Meltdown and Spectre style attacks and cross site attacks that attempt to thwart the Same-Origin policy. Known internally as Project Fission, this significant development
Firefox Fission enhances web security Read More »
Microsoft Defender for Endpoint now works with Intel’s low level CPU hardware based Threat Detection Technology to spot and block cryptojacking malware. Intel Threat Detection Technology (TDT) uses machine learning to analyse low level telemetry from the CPU’s performance monitoring subsystem to identify that cryptomining is happening and then signals Microsoft Defender to do something
Microsoft and Intel enhance Cryptojacking protection Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.