cyber security news Archives

Nation-State Attackers Exploiting Critical Infrastructure: A Growing Threat

Nation-state cyberattacks on critical infrastructure are becoming increasingly sophisticated and destructive, as highlighted by recent reports. In October 2024, attackers began exploiting vulnerabilities in Ivanti software used by critical sectors, including energy and transportation. These vulnerabilities allowed cyber actors to gain unauthorised access, move laterally within networks, and execute persistent attacks, sometimes even “patching” exploited […]

Nation-State Attackers Exploiting Critical Infrastructure: A Growing Threat Read More »

Apple Patches VoiceOver Bug That Could Read Passwords Aloud

News, Vulnerabilities / Ian Reynolds

Apple has recently addressed a significant vulnerability in its VoiceOver feature that raised privacy concerns for iPhone and iPad users. The flaw, identified as CVE-2024-44204, allowed the VoiceOver accessibility tool to read saved passwords out loud, a critical issue for users relying on this feature to navigate their devices without visual input. The bug was

Apple Patches VoiceOver Bug That Could Read Passwords Aloud Read More »

NVIDIA Vulnerability CVE-2024-0132: A Deep Dive into the Threat and Mitigation

News, Vulnerabilities / Ian Reynolds

In September 2024, NVIDIA disclosed a critical security flaw, CVE-2024-0132, affecting its NVIDIA Container Toolkit. This vulnerability has sent shockwaves through the IT and cybersecurity communities due to its severity and potential to compromise container environments. The flaw, which has been assigned a CVSS score of 9.0 out of 10, underscores the ever-present risks of

NVIDIA Vulnerability CVE-2024-0132: A Deep Dive into the Threat and Mitigation Read More »

WinRAR Remote Code Execution Flaw Patched

News, Vulnerabilities / Ian Reynolds

A high severity vulnerability has been found in RARLAB’s popular Windows file archiver WinRAR. Security researchers at the Zero Day Initiative who first identified this vulnerability in June have published a security advisory about this flaw now that an update has been issued by the vendor. This vulnerability has the possibility of allowing remote, unauthenticated

WinRAR Remote Code Execution Flaw Patched Read More »

Stack-Based Buffer Overflows in Ivanti Avalanche

News, Vulnerabilities / Ian Reynolds

Multiple stack-based buffer overflows have been identified in Ivanti Avalanche, tracked as a single vulnerability with a critical severity rating and CVSS base score of 9.8/10. Ivanti Avalanche is an enterprise mobility management (EMM) solution used by organisations to manage and monitor mobile devices securely. Researchers at Tenable discovered and investigated these flaws, publishing an

Stack-Based Buffer Overflows in Ivanti Avalanche Read More »

Microsoft Teams Used in Social Engineering Attacks

News, Social Engineering / Ian Reynolds

Highly targeted phishing attacks have been carried out by the threat actor Midnight Blizzard, previously known as NOBELIUM, via Microsoft Teams. These attacks targeted a range of organisations including government and non-government organisations, IT services, technology businesses, manufacturing, and media companies. Through social engineering techniques Midnight Blizzard were able to achieve token and credential theft

Microsoft Teams Used in Social Engineering Attacks Read More »

LinkedIn Accounts Hijacked By Cyber Criminals

News, Vulnerabilities / Ian Reynolds

LinkedIn accounts have been targeted by attackers in hacking events that have led to users being locked out of their own accounts by LinkedIn, and unable to recover them through LinkedIn support. The cyber criminals conducting these account takeover attacks have pressured their victims into paying ransoms to recover their accounts under the threat of

LinkedIn Accounts Hijacked By Cyber Criminals Read More »

Malware Attacks Target Zyxel End-Of-Life Routers

News, Vulnerabilities / Ian Reynolds

A five-year-old vulnerability is currently being exploited in Zyxel P660HN-T1A routers to introduce a Gafgyt malware variant onto target networks. An outbreak alert has been issued by Fortinet to inform users that this end-of-life router running versions before 7.3.15.0 v001/ 3.40 (ULM.0)b31 is being actively targeted in the wild. Zyxel published a security advisory back

Malware Attacks Target Zyxel End-Of-Life Routers Read More »

Actively Exploited Office RCE Attack Chain Patched

News, Vulnerabilities / Ian Reynolds

A Defense-In-Depth Office update has been released by Microsoft as a part of the Patch Tuesday updates made available this week to fix an actively exploited remote code execution (RCE) flaw. This vulnerability was first identified last month, when it was confirmed to be actively exploited and publicly disclosed. At the time of discovery, it

Actively Exploited Office RCE Attack Chain Patched Read More »

cyber security news

Nation-State Attackers Exploiting Critical Infrastructure: A Growing Threat

Apple Patches VoiceOver Bug That Could Read Passwords Aloud

NVIDIA Vulnerability CVE-2024-0132: A Deep Dive into the Threat and Mitigation

WinRAR Remote Code Execution Flaw Patched

Stack-Based Buffer Overflows in Ivanti Avalanche

LinkedIn Accounts Hijacked By Cyber Criminals

Malware Attacks Target Zyxel End-Of-Life Routers

Actively Exploited Office RCE Attack Chain Patched

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch