Mozilla has published a security advisory warning of a critical security vulnerability in the Network Security Services libraries which are widely used by open-source software. While the bug does not impact Mozilla Firefox, it is thought to affect many other email clients and PDF viewers that use the electronic signature verification features of the NetworkRead more
Blog
Long considered a theoretical attack, HTTP request smuggling is now ‘soaring in popularity’ according to a new research paper published this month. What is HTTP request smuggling and what risk does it pose to your network? HTTP Request Smuggling (HRS) was first documented back in 2005. It is made possible by the way different webRead more
Creators and users of Operational Technology and IoT devices should pay attention to a new report from MITRE which reveals the Most Important Hardware Weaknesses causing security issues in 2021. For some years, MITRE has regularly reported on the most dangerous software security weaknesses by analysing the CVE vulnerability reports generated each year. Now theyRead more
35 billion, that’s billion with a B – IoT devices are using flawed hardware and copied reference code that leaves their security vulnerable according to a presentation at this month’s Def Con security conference. Cryptography relies on using random numbers, yet computers are very poor at generating random numbers and so they rely on anRead more
Pass the hash is a technique used to steal credentials and enable lateral movement within a target network. In Windows networks, the challenge-response model used by NTLM security is abused to enable a malicious user to authenticate as a valid domain user without knowing their password. Even though Kerberos has replaced NTLM as the preferred authenticationRead more
In their tenth annual Payment Security Report, Verizon reveals the security trends affecting businesses that seek PCI-DSS compliance and cybersecurity lessons applicable to all organisations. This year’s 140 page Payment Security Report from Verizon focuses on the role and challenges of the CISO and how this relates to the performance and security of businesses inRead more
According to a new report, 68% of organisations that suffered a network breach are the victim of a repeat attack within a year. Cyber-criminals assume that organisation will not learn a lesson from the first attack and return in the hope of easy pickings the second time around. The report from cybersecurity response firm CrowdstrikeRead more
NAT Slipstream allows an attacker outside the firewall to remotely access any TCP or UDP services running on a local machine, behind a NAT firewall, simply by tricking the victim into visiting a malicious website. Yes, you read that correctly- by using the NAT Slipstream attack, an attacker is able to send arbitrary traffic toRead more
A new report from Accenture details the rise of the Network Access Seller: expert hackers who secure a beachhead into corporate networks and then sell the access in well organised markets on the dark web. If you are a ransomware operator looking for a juicy corporate target, the Network Access Seller markets on the darkwebRead more
After 4 months beta-testing, GitHub has rolled out a new source code scanning service that will find security vulnerabilities in your home-grown software or open source tools. During the testing over 20,000 security vulnerabilities were discovered across 12,000 different projects including Remote Code Execution, SQL Injection and Cross Site-Scripting (XSS) flaws. GitHub is a MicrosoftRead more
