Starting in March 2022, Google Chrome will start supporting the new Private Network Access standard which will help protect local network devices from malicious internet traffic. Private Network Access, or PNA, will prevent malicious websites from using the victim’s browser as a proxy to relay cross-site request forgery attempts to devices on the user’s localRead more
Blog
Millions of routers are affected by a high severity flaw in the NetUSB module which is used by many vendors including NETGEAR, TP-Link, and Dlink. NetUSB is developed by Kcodes and is licensed to many device manufacturers. It enables remote network devices to connect to USB peripherals which are plugged into the router – typicallyRead more
Customers of Microsoft Exchange Servers and some Honda motor vehicles experienced unusual errors with the turn of the year as software failed to handle the year 2022 when the date rolled over. Microsoft Exchange Server bug The FIP-FS anti-spam and anti-malware service has been enabled by default on all Exchange Servers since Exchange 2013 wasRead more
According to research from Google’s Open Source Insights Team, the Apache Log4j vulnerabilities affect 4% of the projects in the Java ecosystem – over 17,000 packages in the Mavern Central repository alone. Log4j is a popular library that provides logging services to many thousands of Java based applications. Earlier this month security teams and systemRead more
When it comes to security vulnerabilities, they don’t get any worse than the one recently disclosed in the Log4j utility which was awarded the maximum CVSS severity of 10. This is not some theoretical risk, it is an open door to affected systems. The NCSC calls it: ‘potentially the most severe computer vulnerability in years.’Read more
The Glupteba botnet targets Windows computers to steal passwords or commit fraud through the infected computer and is thought to include about a million compromised devices. It is growing at a rate of thousands of new systems every day. According to Google: Glupteba is notorious for stealing users’ credentials and data, mining cryptocurrencies on infectedRead more
Mozilla has published a security advisory warning of a critical security vulnerability in the Network Security Services libraries which are widely used by open-source software. While the bug does not impact Mozilla Firefox, it is thought to affect many other email clients and PDF viewers that use the electronic signature verification features of the NetworkRead more
Europol called Emotet “the world’s most dangerous malware” – and it is back in the security news this week – but what is Emotet, and how can you protect your network from Emotet based attacks? Emotet is the name given to a strain of malware and the cyber-crime organisation that created it. First detected inRead more
The UK Government has introduced new legislation which will improve the security of smartphones, IoT devices and connected appliances. The Product Security and Telecommunications Infrastructure (PSTI) Bill will require the manufacturers, importers and distributors of consumer connectable products to comply with cyber security good practices. According to the Government the regulations that flow from the newRead more
A new research paper looks at the security risks posed by the printers found in most offices and homes – and coins the term PrintJack to mean the hijacking of a printer by a threat actor. The research paper outlines three types of attack that could leverage a compromised printer. The standard TCP/IP port usedRead more
