Europol has just published their 2019 Internet Organised Crime Threat Assessment The key findings of the report make for interesting reading for Security Managers: While the number of ransomware attacks have reduced since 2018, the attackers have shifted their focus to more profitable targets – your businesses! Phishing and vulnerable Remote Desktop Protocol attacks are […]
The rise of ransomware attacks in 2019 Read More »
The trial of a Sys Admin who worked for the Fin7 cyber-crime syndicate provides a surprising look into the inner workings of the organisation. Fedir Hladyr was the Sys Admin running the support infrastructure for Fin7. He was responsible for JIRA, Jabber and HipChat servers used to co-ordinate the work of their teams of hackers
JIRA Sys Admin jailed for 25 years Read More »
In the eternal arms race between malware writers and anti-virus vendors, a new front of attack is opening. As security software has responded to the use of MS Office files as a means for malware delivery over email, the attackers have started to shift to the OpenDocument (ODT) file format first popularised by OpenOffice and
Malware shifting from MS Office to OpenOffice Read More »
Security researchers from two German universities have published details of flaws in document PDF encryption Digitally signed and encrypted PDF documents are widely used: to execute contracts, meet statutory reporting obligations and to protect commercially sensitive information transmitted as email attachment. Breaking PDF digital signatures PDF digital signatures use asymmetric cryptography; that is the signer
PDF encryption broken by researchers Read More »
The CWE top 25 is a list of the most common software defects that give rise to CVE being reported. Mitre, the organisation behind the Common Vulnerabilities and Exposures database, has scanned some 25,000 CVE reports logged within their database and the NIST National Vulnerability Database in order to compile the list for 2019. By
2019 CWE Top 25 Most Dangerous Software Errors Read More »
Microsoft’s ATP research team has issued a details analysis of a new malware campaign which is pushing boundaries of the state of the art for Fileless malware. Fileless malware does not leave a noticeable fingerprint on the file-system – it resides only in memory. Nodersok is interesting because of its use of living-off-the-land techniques; it
Microsoft warns of Nodersok fileless malware Read More »
LastPass, the world most popular password vault, has issued a fix to an information disclosure flaw discovered by Google’s Project Zero. Google’s Project Zero security research team discovered a flaw in the LastPass plugins for the Chrome and Opera browsers. By exploiting the flaw, an attacker could obtain a copy of the last credentials the
Lastpass fixes Chrome plugin vulnerability Read More »
At Black Hat 2019 Tencent reveals QualPwn vulnerability which could allow over the air RCE on Android devices using Qualcomm chips The vulnerabilities, known as QualPwn, can be chained together to first compromise the WiFi controller and then overwrite a portion of the Android Kernel. CVE-2019-10539: is a buffer-overflow vulnerability in Qualcomm’s Wi-Fi controller firmware.
Qualcomm powered Android phones vulnerable to RCE Read More »
The record fine of £183,000,000 for a UK data breach signals a new era for the economics of information security. The first fine issued by the UK’s Information Commissioners Office (ICO) under the GDPR regime is 367 times higher than the previous maximum fine levied against Facebook in the aftermath of the Cambridge Analytica scandal.
BA record £183m fine for data breach Read More »
Researchers have published details of a newly discovered side channel attack they have named RAMBleed RAMbleed is the latest evolution of attacks building on Row Hammer that allow information in one area of physical memory to be influenced by access made to a different but nearby area of physical memory. Because Row Hammer and related methods
RAMbleed – new side channel attack Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.