security breach Archives

DeepSeek Data Leak: How a Simple Security Flaw Exposed Over a Million Records

In January 2025, the cybersecurity community was alerted to a significant data exposure involving DeepSeek, a prominent Chinese artificial intelligence (AI) startup. Researchers from Wiz, a cloud security firm, discovered that DeepSeek had inadvertently left a critical database accessible on the internet without any authentication measures. This lapse exposed over a million records, including system […]

DeepSeek Data Leak: How a Simple Security Flaw Exposed Over a Million Records Read More »

Canon Printers Retain Wi-Fi Information After Wipe

News, Vulnerabilities / Ian Reynolds

Canon Inkjet printers have been found to retain sensitive Wi-Fi information after the usual wipe that is performed in the initialisation process. Canon have released a security advisory to warn their customers that information that can be used to connect to previously connected Wi-Fi is kept within the memory of the Wi-Fi connection settings, and

Canon Printers Retain Wi-Fi Information After Wipe Read More »

LastPass Hack Due to Unpatched Software

Articles, Information Assurance / Ian Reynolds

LastPass suffered two large-scale and public data breaches last year, the first in August to steal source code, and the second in November where partially encrypted password vault data and customer information was stolen. Information from the first breach was used to carry out the second attack, and a keylogger was installed on a senior

LastPass Hack Due to Unpatched Software Read More »

Uber Breached in Targeted Attack

News, Vulnerabilities / Ian Reynolds

The credentials of an Uber contractor were stolen and used to access multiple accounts and company files in a targeted attack. Uber released an initial security update statement that they were dealing with a cybersecurity incident when this breach was first identified and have since updated this post to give details about the attack and

Uber Breached in Targeted Attack Read More »

What is Moonbounce Malware?

Articles, Information Assurance / Ian Reynolds

The MoonBounce UEFI malware hit the headlines due to the novel way it hides from anti-virus software. UEFI malware is on the rise – but what is it, and how can you protect your network from this sophisticated security threat? Securing the Operating System The UEFI standard (Unified Extensible Firmware Interface) defines the way

What is Moonbounce Malware? Read More »

LightBasin hacks telcos around the world

News / Ian Reynolds

LightBasin is a sophisticated threat actor that has established a persistent, long term presence in the heart of the network of at least 13 telecommunication companies around the world since 2019. According to research from Crowdstrike, the threat actor group known as UNC1945 or LightBasin, has been infiltrating the Linux and Solaris systems which run

LightBasin hacks telcos around the world Read More »

How to identify ProxyLogon – Hafnium attacks on your Exchange Server

News, Vulnerabilities / Ian Reynolds

Microsoft has updated their Microsoft Safety Scanner (MSERT) tool so that it detects Web Shells installed on your Exchange servers through the ProxyLogon vulnerability. Last week Microsoft issued emergency patches to address four zero-day exploits that were being exploited by the Hafnium group. Since the disclosures, criminal groups have been targeting Microsoft Exchange Servers around

How to identify ProxyLogon – Hafnium attacks on your Exchange Server Read More »

Hackers attempt to Poison Water Supply

News / Ian Reynolds

A hacker tried to poison the water supply in Oldsmar, Florida by dumping caustic soda into the water by adjusting the SCADA system in control of the water treatment plant. On Friday 5th February, an operator at the water plant noticed the mouse on his screen moving and accessing the control system software for the

Hackers attempt to Poison Water Supply Read More »

RDP used in fileless attacks

News / Ian Reynolds

Researchers have identified new attack vectors which leverage the RDP drive sharing feature to perform fileless attacks and plant malware. A standard feature of the Microsoft RDP implementation is the ability to share a drive from the client machine. This appears as a network share to the server device at \tsclient. An attacker who was

RDP used in fileless attacks Read More »

The people are the problem

Articles, Information Assurance / Ian Reynolds

As professionals in the technical discipline of Information Technology, it can be easy to forget that the risks that we need to guard against are more than purely technical. While it is true that patches need to be applied, security baselines followed, and firewalls configured – the job does not end there. For many organisations,

The people are the problem Read More »

security breach

DeepSeek Data Leak: How a Simple Security Flaw Exposed Over a Million Records

Canon Printers Retain Wi-Fi Information After Wipe

LastPass Hack Due to Unpatched Software

Uber Breached in Targeted Attack

What is Moonbounce Malware?

LightBasin hacks telcos around the world

How to identify ProxyLogon – Hafnium attacks on your Exchange Server

Hackers attempt to Poison Water Supply

RDP used in fileless attacks

The people are the problem

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch