Security research firm Embedi has recently published a report on the Marvell Avastar Wifi chip used in many devices including Microsoft Surface and Surface Pro, Samsung Chromebooks and some Samsung phones and the Sony Playstation 4 to name but a few. The flaw in Marvell’s implementation of the ThreadX operating system running on the Wifi […]
A recent publicity stunt promoting YouTube scoundrel pewdiepie has brought attention to a design flaw in Google Chromecast devices and smartTVs that embed the Chromecast technology. By default, the Chromecast device will attempt to use Universal Plug and Play if it is enabled on the network router in order to open a port on the
Chromecast design flaw exposes digital signage screens to takeover Read More »
Endpoints and security gateway appliances use a variety of techniques to attempt to identify Phishing websites that are trying to steal login credentials from unsuspecting users. A typical phishing website may appear to the average human to be a login page for a well-known service, such as Gmail, Dropbox or your cloud-hosted ERP system. Users
New Phishing techniques avoid detection with fake web fonts Read More »
Many servers make use of Intel’s Intelligent Platform Management Interface (IPMI) cards. These allow system administrators to access and remotely manage the server; including, changing BIOS settings, rebooting the server and providing an out-of-band login to the local system console. The IPMI can be built into the motherboard or can be added later and is supported
Server IPMI remote management cards used as ransomware attack vector Read More »
Microsoft’s December 2018 patch Tuesday release includes fixes for several critical vulnerabilities including one in PowerPoint which affects all versions since PowerPoint 2010. The PowerPoint bug (CVE-2018-8628) would allow an attacker to create a specially-crafted file, which when opened by PowerPoint, would enable the attacker to run arbitrary code as the logged-in user. According to
Death by PowerPoint and other vulnerabilities Read More »
A recent vulnerability in Sennheiser’s headphone management utility illustrates the risk of unexpected additions to the Microsoft windows certificate store. During installation, the Sennheiser software installed a self-signed root certificate into the computer’s trusted root CA certificate store. A copy of the certificates’ private key was also copied into application’s installation directory. Security research firm
Sennheiser headphone bug highlights certificate vulnerability Read More »
Meltdown and Spectre are a family of security attacks that operate at the hardware-level of modern processors. Some of the attack variants have supposedly been mitigated by microcode and BIOS patches issued by the processor vendors; however, new research published by Cornell University reveals several new attack vectors and the report suggests that the previously-issued
Meltdown and Spectre – it’s not over yet! Read More »
The Mirai malware which infects Linux-based IoT devices to form large-scale DDoS botnets has recently been discovered infecting commercial-grade Linux servers, according to a recent report from Netscout. Commercially-hosted linux servers have significantly more network bandwidth and could be used to launch far more damaging Denial-of-Service (Dos) attacks against other Internet-based hosts. Exploiting a vulnerability
Mirai Botnet Grows Up Read More »
In the past couple of weeks a new malware infection has been doing the rounds which has affected thousands of Google Play Store users. In early July it emerged that an organised cyber crime group infiltrated the Google Play store and uploaded a number of different apps containing the Anubis banking malware, which is a
Anubis Malware Targets Android Devices Read More »
This week, we saw a new vulnerability surface which affects users of all currently supported Microsoft Office applications. Security researchers at Qihoo 360 Core Security first detected the vulnerability being exploited ‘in-the-wild’ on 28th September, 2017. In a blog post on 10th October, 2017, a representative for Qihoo wrote “The attack only targeted limited customers. The
Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826) Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.