Microsoft starts the year with their first patch Tuesday bundle of security fixes targeting 10 Critical vulnerabilities include a zero-day being exploited in Windows Defender. The Windows Defender vulnerability (CVE-2021-1647) is reported by Microsoft as having been detected under active exploitation in the wild – but precious little context information is provided under the firm’s […]
Microsoft Patches Critical Bugs Read More »
Three years after the initial warning, Adobe has officially killed off Flash software. In recent years Flash had developed a reputation for being a security risk on many systems due the high number of vulnerabilities discovered and exploited in the software. Now the software reached end-of-life on 31 December 2020 and Adobe will no longer
Flash is dead – now delete it from your system Read More »
A recent court case underlines the importance of good operational security procedures to manage employee and contractor exits to ensure all their access is revoked. A man has been sentenced to two years after deleting 456 virtual machines from Cisco’s infrastructure – 4 months after resigning from the firm. As a result of the malicious
When Good Employees Go Bad Read More »
File Integrity Monitoring systems generate alerts when intruders make unexpected changes to the files on your servers – either by changing existing files or creating new ones. Robust cybersecurity can be most effectively achieved by adopting a ‘defence in depth’ approach. This means deploying several layers of protection, using different technologies so that the overlapping
What is file integrity monitoring? Read More »
According to a new report, 68% of organisations that suffered a network breach are the victim of a repeat attack within a year. Cyber-criminals assume that organisation will not learn a lesson from the first attack and return in the hope of easy pickings the second time around. The report from cybersecurity response firm Crowdstrike
Two thirds of cyber-crimes repeated within 12 months Read More »
SAD DNS is a protocol level vulnerability in the DNS system. Microsoft has published a new security advisory which offers a mitigation to protect your DNS systems from spoofing or poisoning. If an attacker is able to successfully exploit the SAD DNS vulnerability (CVE-2020-25705), it will be possible to spoof a DNS packet which is
Microsoft releases SAD DNS mitigation Read More »
Oracle patched a vulnerability in their WebLogic server in October 2020 – eight days later working exploit code was published online and now it is being used by criminals. CVE-2020-14882 allows an attacker to perform a Remote Code Execution attack with minimal effort or skill required. Juniper Networks security researchers reports at least five different
Hackers target Oracle WebLogic vulnerability Read More »
VMWare has issued a security advisory warning of a command injection vulnerability that could allow someone with access to the VMWare Configurator admin account to issue command with unrestricted privileges on the underlying operating system. The vulnerability (CVE-2020-4006) affects VMWare Workspace One Access, Access Connector, Identity Manage and Identify Manager Connector administrative configurator. A malicious
VMWare warns of critical zero-day vulnerability Read More »
The UK National Cyber Security Centre has issued an alert warning that multiple actors are attempting to exploit a MobileIron vulnerability to compromise the networks of UK organisations. MobileIron issued a security patch in June 2020 for their Mobile Device Management system to resolve several vulnerabilities in their software. Included was a critical remote code
NCSC alerts over MobileIron vulnerability Read More »
An award winning security paper published this week explains a newly discovered vulnerability called SAD DNS which leaves many websites vulnerable to man-in-the-middle and impersonation attacks. DNS is the system that converts friendly website addresses (www.secureteam.co.uk) into the numeric IP addresses used by TCP/IP. SAD DNS is a flaw discovered in the DNS protocol which
SAD DNS vulnerability revives risk of DNS poisoning Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.