Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us

Blog

Home Search results for "penetration testing"

What is a pass the hash attack?

By Mark Faithfull | Articles, Information Assurance | 25 February, 2021 | 1

Pass the hash is a technique used to steal credentials and enable lateral movement within a target network. In Windows networks, the challenge-response model used by NTLM security is abused to enable a malicious user to authenticate as a valid domain user without knowing their password.  Even though Kerberos has replaced NTLM as the preferred authenticationRead more

GDPR Fines continue to grow

By Mark Faithfull | News | 21 January, 2021 | 3

Daily GDPR breach notifications are up 20% and fines are up 39% according to a new report. Law firm DLA Piper has published their third annual GDPR Fines and Data Breech Survey which reveals the number of breaches being reported is rising along with the number and level of fines being imposed. In the post-BrexitRead more

NetLogon Security Changes coming in February

By Mark Faithfull | News | 21 January, 2021 | 0

Microsoft continues to roll out changes to mitigate the Zerologon vulnerability and a change due in the February Patch Tuesday could break non-Windows device’s ability to connect to the domain. The Zerologon vulnerability is a flaw in the Microsoft NetLogon protocol. Tracked as CVE-2020-1472 the vulnerability allows an unauthenticated user to change passwords on theRead more

Two thirds of cyber-crimes repeated within 12 months

By Mark Faithfull | News | 9 December, 2020 | 0

According to a new report, 68% of organisations that suffered a network breach are the victim of a repeat attack within a year.  Cyber-criminals assume that organisation will not learn a lesson from the first attack and return in the hope of easy pickings the second time around. The report from cybersecurity response firm CrowdstrikeRead more

How Return-Oriented Programming exploits work

By Mark Faithfull | Articles | 18 September, 2020 | 2

Return-Oriented Programming is a security exploit technique used by attackers to execute code on their target system.  By obtaining control of the call stack, the attacker can control the flow of existing trusted software running on the computer and manipulate it to their own ends.  New research published this month has demonstrated how SPECTRE style vulnerabilitiesRead more

The most dangerous vulnerabilities of 2020

By Mark Faithfull | News, Tools | 9 September, 2020 | 0

The Common Weaknesses Enumeration project has released their 2020 list of the 25 most dangerous software vulnerabilities.  The list describes the types of vulnerabilities that have resulted in CVE being issued over the last two years. The project describes itself as: The 2020 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses (CWE TopRead more

Tesla targeted in Ransomware attack

By Mark Faithfull | News | 3 September, 2020 | 0

Details emerged this week of a failed multi-million dollar ransomware attack against Tesla which attempted to bribe an employee to hand deliver the malware. According to the legal case files,  a Russian named Egor Igorevich Kriuchkov travelled to Nevada in order to contact and then recruit a Tesla employee and offered him $1million in orderRead more

What is Security Awareness Training

By Mark Faithfull | Articles, Information Assurance | 17 June, 2020 | 0

Security Awareness Training is an essential component of any organisation’s information security. Even though it is mandated by frameworks such as PCI-DSS or ISO 27001, Security Awareness Training should be more than just a compliance exercise.  A good security awareness training programme will drive changes in behaviour amongst staff, suppliers and customers that will improveRead more

What is server hardening ?

By Mark Faithfull | Articles, Infrastructure | 31 March, 2020 | 4

Server hardening is a set of disciplines and techniques which improve the security of an ‘off the shelf’ server.  Server Hardening is requirement of security frameworks such as PCI-DSS and is typically included when organisations adopt ISO27001.   What is the attack surface The aim of server hardening is to reduce the attack surface ofRead more

600 failed login attempts per hour for public RDP servers

By Mark Faithfull | News | 3 August, 2019 | 0

Recent research from Sophos highlights your public RDP server as the primary attack vector against your data centre. During April and May 2019, Sophos deployed 10 standard out-of-the-box configured Windows 2019 servers into AWS data centres around the world.  By default, Windows 2019 has RDP enabled.  They configured each server with uncrackably long passwords andRead more

12

Recent Posts

  • What is a Security Incident Response Plan?
  • NCSC Warns of Critical Risk to unpatched Fortinet VPN devices
  • April patch Tuesday tackles zero days and new Exchange vulnerabilities
  • SAP systems under active attack via unpatched vulnerabilities
  • What are the implications of the Facebook data breach?

Tags

Android Apple Bluetooth Business Continuity Chrome Cisco credential stuffing cyber crime cyber essentials cyber security cyber security news Data Protection DDoS DNS Exchange Server exim fileless formjacking GDPR IoT Linux MacOS Meltdown microsoft ncsc patching penetration testing phishing ransomware RDP SAP security breach Security operations security testing SIEM software development Spectre supply chain attacks Sysinternals Tomcat Unix vulnerability management web applications web browsers wireless

Archives

  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS ISO 9001 ISO 27001
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us
SecureTeam