LightBasin is a sophisticated threat actor that has established a persistent, long term presence in the heart of the network of at least 13 telecommunication companies around the world since 2019. According to research from Crowdstrike, the threat actor group known as UNC1945 or LightBasin, has been infiltrating the Linux and Solaris systems which runRead more
Blog
Microsoft has updated their Microsoft Safety Scanner (MSERT) tool so that it detects Web Shells installed on your Exchange servers through the ProxyLogon vulnerability. Last week Microsoft issued emergency patches to address four zero-day exploits that were being exploited by the Hafnium group. Since the disclosures, criminal groups have been targeting Microsoft Exchange Servers aroundRead more
A hacker tried to poison the water supply in Oldsmar, Florida by dumping caustic soda into the water by adjusting the SCADA system in control of the water treatment plant. On Friday 5th February, an operator at the water plant noticed the mouse on his screen moving and accessing the control system software for theRead more
Researchers have identified new attack vectors which leverage the RDP drive sharing feature to perform fileless attacks and plant malware. A standard feature of the Microsoft RDP implementation is the ability to share a drive from the client machine. This appears as a network share to the server device at \\tsclient. An attacker who wasRead more
As professionals in the technical discipline of Information Technology, it can be easy to forget that the risks that we need to guard against are more than purely technical. While it is true that patches need to be applied, security baselines followed, and firewalls configured – the job does not end there. For many organisations,Read more
Anti-virus company Avast has revealed they were breached over several months, after identifying the suspicious activity on their network on 23rd September according to a blog post by their CISO. Avast think their CCleaner software was the target of a supply chain attack – with the hackers attempting to repeat the 2017 insertion of maliciousRead more
Webmin, the web-based interface for system administration for Unix and Linux, had a remote code execution vulnerability deliberately introduced into its source code in April 2018. It was only publicised in August 2019 when a zero day exploit was published at DefCon 27. Webmin has been installed over a million times worldwide. The malicious codeRead more
Microsoft details IoT devices used in corporate breaches in new report. Microsoft’s Security Response Centre has recently published a report listing several instances they have analysed where IoT devices were used as a beach head in attacks against corporate networks. There are more IoT (Internet of Things) devices currently in use than the total number of mobileRead more
Over 106 million individuals have had their credit application details stolen from Amazon S3 data buckets which had been insecurely configured by Capital One. The 30Gb of data from the S3 bucket was downloaded and then posted onto a Github account by the attacker. The stolen data was soon spotted and then reported to Capital One’sRead more
The record fine of £183,000,000 for a UK data breach signals a new era for the economics of information security. The first fine issued by the UK’s Information Commissioners Office (ICO) under the GDPR regime is 367 times higher than the previous maximum fine levied against Facebook in the aftermath of the Cambridge Analytica scandal.Read more
