The developers of the OpenSSH implementation of Secure Shell have announced their intention to drop support for SHA-1 in a ‘near future release.’ OpenSSH is used by millions of system administrators to securely access networked systems. OpenSSH supports various encryption algorithms and the decision to drop support for SHA-1 comes as recent research demonstrates it […]
OpenSSH to drop support for SHA-1 Read More »
After analysing dozens of ransomware incidents over the last 4 years, researchers have identified their defining common characteristics – which can help security managers design targeted defences. Mandiant Intelligence have published a report that reveals the common attributes of ransomware incidents from around the world and across the industrial spectrum. The key findings are:
Ransomware trends 2020 Read More »
Microsoft has released a patch to fix a remote code execution flaw in the SMB protocol affecting Windows 10 PC and their servers. SMB is used by Active Directory, for network file sharing and some printers. Microsoft have published a security advisory which details the scope of the flaw. The problem is the way the SMBv3
Microsoft patches critical SMB flaw Read More »
Most Android devices receive security updates for only 2 years from release – yet can remain on sale for much longer than that. Which means it is possible to by a brand new Android phone today that is already too old to receive security updates. When considering which smartphones and tablets to deploy to staff,
Android security updates risk for a billion devices Read More »
Kr00k is a serious Wi-Fi vulnerability which can trick a device to retransmit the last 32k of encrypted traffic with an encryption key of all zeros. The flaw affects devices using Wi-Fi chips from Broadcom and Cypress including Apple devices, Amazon Echo and Google Nexus devices. The bug can be triggered when a device disconnects
Kr00k Wi-Fi vulnerability affects a billion devices Read More »
From September 2020 the security certificates used to enable HTTPS communications can only be valid for a maximum of 13 months, says Apple. Since the Apple Safari browser enjoys a 17% market share, this restriction will likely force the whole industry to adopt the same limit in certificate lifespan. The Certificate Authority Browser Forum (CAB
Maximum TLS Cert validity reducing to 13 months Read More »
Several critical switch vulnerabilities that could allow an attacker to break network segmentation have been patched by Cisco. Dubbed CDPwn by the researchers at Armis who discovered the flaws, the vulnerabilities exists in a Level 2 networking protocol called Cisco Discovery Protocol (CDP). Network segmentation is an effective security strategy that isolates data and systems
Cisco patches critical switch flaws Read More »
Ragnarok ransomware is leveraging unpatched Citrix ADC servers and Windows computers to attack its victims. Citrix have now released a patch for CVE-2019-19781 and made it available to all clients – regardless of the status of their support contract. However, unpatched Citrix systems are being actively targeted with Ragnarok according to security firm Fireye. CVE-2019-19781 is
Ragnarok ransomware exploits Citrix vulnerability Read More »
Cable Haunt is a vulnerability in millions of cable modems which allows an attacker to execute arbitrary code on the modem. This vulnerability is interesting for two reasons – firstly the scale due to the number of vulnerable devices and secondly how the vulnerability came about. Cable Haunt is a buffer overflow defect in the
What is Cable Haunt? Read More »
A remote code execution vulnerability has been discovered in SQLite, dubbed Magellan 2.0 by the research team that discovered it. Tencent’s Blade security research team has published some details of a remote code execution vulnerability that affects all version of SQLite prior to the latest patch issued on 13 December 2019. SQLite is a widely used
SQLite remote code execution vulnerability Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.