The mistakes we make and how to fix them – a new report co-authored by the NCSC reveals the 10 most common security weaknesses exploited by hackers. A joint security alert from the National Cyber Security Centre UK (NCSC-UK) was released earlier this month, co-authored by cybersecurity bodies from the USA, Canada, New Zealand, and […]
10 Common Security Weaknesses and How To Defend Against Them Read More »
‘Use After Free’ is the name given to security vulnerabilities that occur because of a problem with the way an application is managing its memory. When one part of a program attempts to use some memory that another part of the program has released because it is no longer needed the application may crash, produce
What is a Use After Free Vulnerability? Read More »
Long considered a theoretical attack, HTTP request smuggling is now ‘soaring in popularity’ according to a new research paper published this month. What is HTTP request smuggling and what risk does it pose to your network? HTTP Request Smuggling (HRS) was first documented back in 2005. It is made possible by the way different web
What is HTTP request smuggling? Read More »
Hewlett Packard Enterprise has released a patch to fix a critical remote code execution vulnerability in the Windows version of their System Insight Manager. The bug in the Federated Search and CMS Configuration (CVE-2020-7200) feature of version 7.6.x of HPE SIM, has a critical CVSS score of 9.8. According to the security advisory from HPE,
HPE patches RCE 0day in SIM software Read More »
Design and Implementation flaws in Wi-Fi standards have been disclosed that could leave home and enterprise Wi-Fi networks vulnerable. The flaws are thought to affect all Wi-Fi systems from WEP through to the latest WPA3 security standard. The vulnerabilities have been named FragAttacks as they are mainly related to flaws in the way Wi-Fi fragments
Wi-Fi FragAttacks expose flaws in WPA2, WPA3 Read More »
Pass the hash is a technique used to steal credentials and enable lateral movement within a target network. In Windows networks, the challenge-response model used by NTLM security is abused to enable a malicious user to authenticate as a valid domain user without knowing their password. Even though Kerberos has replaced NTLM as the preferred authentication
What is a pass the hash attack? Read More »
Daily GDPR breach notifications are up 20% and fines are up 39% according to a new report. Law firm DLA Piper has published their third annual GDPR Fines and Data Breech Survey which reveals the number of breaches being reported is rising along with the number and level of fines being imposed. In the post-Brexit
GDPR Fines continue to grow Read More »
Microsoft continues to roll out changes to mitigate the Zerologon vulnerability and a change due in the February Patch Tuesday could break non-Windows device’s ability to connect to the domain. The Zerologon vulnerability is a flaw in the Microsoft NetLogon protocol. Tracked as CVE-2020-1472 the vulnerability allows an unauthenticated user to change passwords on the
NetLogon Security Changes coming in February Read More »
According to a new report, 68% of organisations that suffered a network breach are the victim of a repeat attack within a year. Cyber-criminals assume that organisation will not learn a lesson from the first attack and return in the hope of easy pickings the second time around. The report from cybersecurity response firm Crowdstrike
Two thirds of cyber-crimes repeated within 12 months Read More »
Return-Oriented Programming is a security exploit technique used by attackers to execute code on their target system. By obtaining control of the call stack, the attacker can control the flow of existing trusted software running on the computer and manipulate it to their own ends. New research published this month has demonstrated how SPECTRE style vulnerabilities
How Return-Oriented Programming exploits work Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.