Uncategorized Archives

DeepSeek Data Leak: How a Simple Security Flaw Exposed Over a Million Records

In January 2025, the cybersecurity community was alerted to a significant data exposure involving DeepSeek, a prominent Chinese artificial intelligence (AI) startup. Researchers from Wiz, a cloud security firm, discovered that DeepSeek had inadvertently left a critical database accessible on the internet without any authentication measures. This lapse exposed over a million records, including system […]

DeepSeek Data Leak: How a Simple Security Flaw Exposed Over a Million Records Read More »

The Most Invasive Apps for SMEs

Uncategorized / Ian Reynolds

Statistics released by GOV.UK suggest that the number of small to medium-sized enterprises (SMEs) in the UK has increased by 2 million over the last two decades. There are now an estimated 5.5 million SMEs operating across the country. Mobile apps are essential for the success of SMEs. Financial-related apps, such as Paypal, QuickBooks,

The Most Invasive Apps for SMEs Read More »

Microsoft Office Zero-Day attack identified

News, Uncategorized, Vulnerabilities / Ian Reynolds

A new vulnerability has been discovered that can allow a malicious document to run arbitrary code on a Windows computer. Although the obvious attack vector is MS Office documents, Microsoft is describing this as a Windows Operating System vulnerability according to CVE-2022-30190. A Word Document was found to be able to abuse the Microsoft Windows

Microsoft Office Zero-Day attack identified Read More »

Apple patches critical iOS vulnerabilities

News, Uncategorized, Vulnerabilities / Ian Reynolds

Apple has released iOS 14.4 which contains fixes for two critical security vulnerabilities which they admit may have been actively exploited in the wild. The first flaw (CVE-2021-1871, CVE-2021-1870) in iOS and iPadOS is a WebKit vulnerability which could be exploited by a malicious webpage in the Safari browser to execute arbitrary code on the

Apple patches critical iOS vulnerabilities Read More »

Microsoft extends support for older software

News, Uncategorized / Ian Reynolds

Microsoft has pushed back the end of support dates for a raft of software versions in order to ease the burden on stretched IT teams during the COVID19 pandemic. Organisations have to keep their systems updated with supported versions of software in order to benefit from the monthly security patches which are essential for network

Microsoft extends support for older software Read More »

Microsoft patches zero-day flaws

News, Uncategorized, Vulnerabilities / Ian Reynolds

April’s patch Tuesday release from Microsoft includes fixes for three zero-day vulnerabilities in Windows that are under active attack. CVE-2020-1020 is a flaw in the Windows Adobe Type Manager Library. According to Microsoft: For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10,

Microsoft patches zero-day flaws Read More »

Ghostcat leaves Tomcat vulnerable

News, Uncategorized, Vulnerabilities / Ian Reynolds

A serious vulnerability, dubbed Ghostcat, has been discovered in Apache Tomcat and criminals are already trying to exploit it. Tomcat is one of the most popular Java application servers, with over 800k active installations visible on the web. According to the researchers who discovered the bug at Chaitin Tech: Due to a flaw in the

Ghostcat leaves Tomcat vulnerable Read More »

Maximum TLS Cert validity reducing to 13 months

News, Uncategorized / Ian Reynolds

From September 2020 the security certificates used to enable HTTPS communications can only be valid for a maximum of 13 months, says Apple. Since the Apple Safari browser enjoys a 17% market share, this restriction will likely force the whole industry to adopt the same limit in certificate lifespan. The Certificate Authority Browser Forum (CAB

Maximum TLS Cert validity reducing to 13 months Read More »

SUDO bug allows privilege escalation

News, Uncategorized, Vulnerabilities / Ian Reynolds

A bug has been found in the SUDO command which can allow an attacker to gain root privilege on Linux and Unix systems, even for users that do not have permission to run SUDO. SUDO is a security tool used daily in most organisations. SUDO allows users to execute a specific command with escalated privilege

SUDO bug allows privilege escalation Read More »

Microsoft advises SIEM to help defend RDP

News, Tools, Uncategorized / Ian Reynolds

In a recent whitepaper, Microsoft provides advice on how to spot RDP attacks in Windows event logs while the attack is still underway. The paper titled: “Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks” succinctly explains the risk posed by RDP servers when published to the internet:

Microsoft advises SIEM to help defend RDP Read More »

Uncategorized

DeepSeek Data Leak: How a Simple Security Flaw Exposed Over a Million Records

The Most Invasive Apps for SMEs

Microsoft Office Zero-Day attack identified

Apple patches critical iOS vulnerabilities

Microsoft extends support for older software

Microsoft patches zero-day flaws

Ghostcat leaves Tomcat vulnerable

Maximum TLS Cert validity reducing to 13 months

SUDO bug allows privilege escalation

Microsoft advises SIEM to help defend RDP

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch