Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us

Blog

Home Search results for "security testing"

Two thirds of cyber-crimes repeated within 12 months

By Mark Faithfull | News | 9 December, 2020 | 0

According to a new report, 68% of organisations that suffered a network breach are the victim of a repeat attack within a year.  Cyber-criminals assume that organisation will not learn a lesson from the first attack and return in the hope of easy pickings the second time around. The report from cybersecurity response firm CrowdstrikeRead more

NAT Slipstream attack defeats NAT firewalls

By Mark Faithfull | Articles, Infrastructure | 19 November, 2020 | 0

NAT Slipstream allows an attacker outside the firewall to remotely access any TCP or UDP services running on a local machine, behind a NAT firewall, simply by tricking the victim into visiting a malicious website. Yes, you read that correctly- by using the NAT Slipstream attack, an attacker is able to send arbitrary traffic toRead more

What is a Network Access Seller?

By Mark Faithfull | News | 18 October, 2020 | 0

A new report from Accenture details the rise of the Network Access Seller: expert hackers who secure a beachhead into corporate networks and then sell the access in well organised markets on the dark web. If you are a ransomware operator looking for a juicy corporate target, the Network Access Seller markets on the darkwebRead more

GitHub can now find security vulnerabilities in your code

By Mark Faithfull | News, Tools | 10 October, 2020 | 0

After 4 months beta-testing, GitHub has rolled out a new source code scanning service that will find security vulnerabilities in your home-grown software or open source tools.  During the testing over 20,000 security vulnerabilities were discovered across 12,000 different projects including Remote Code Execution, SQL Injection and Cross Site-Scripting (XSS) flaws. GitHub is a MicrosoftRead more

How Return-Oriented Programming exploits work

By Mark Faithfull | Articles | 18 September, 2020 | 0

Return-Oriented Programming is a security exploit technique used by attackers to execute code on their target system.  By obtaining control of the call stack, the attacker can control the flow of existing trusted software running on the computer and manipulate it to their own ends.  New research published this month has demonstrated how SPECTRE style vulnerabilitiesRead more

The most dangerous vulnerabilities of 2020

By Mark Faithfull | News, Tools | 9 September, 2020 | 0

The Common Weaknesses Enumeration project has released their 2020 list of the 25 most dangerous software vulnerabilities.  The list describes the types of vulnerabilities that have resulted in CVE being issued over the last two years. The project describes itself as: The 2020 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses (CWE TopRead more

Southern Water leaks customer details

By Mark Faithfull | News | 3 September, 2020 | 0

Southern Water found itself in hot water last week when a security researcher discovered a server side request forgery exploit in their customer service system. The (quickly rectified) mistake on the Southern Water customer self-service portal allowed the URL to be manipulated in order to display the details of another arbitrary customer account.  The targetRead more

TeamViewer fixes credential theft vulnerability

By Mark Faithfull | News, Vulnerabilities | 13 August, 2020 | 0

TeamViewer Gmbh have released a patch for their Windows Desktop client to fix a credential leaking vulnerability which could allow a malicious webpage to obtain the hashed NTLM credentials of the active Windows user account. A simple flaw (CVE-2020-13699) in the way the TeamViewer desktop client handles custom URI handlers means a malicious webpage canRead more

What is Security Awareness Training

By Mark Faithfull | Articles, Information Assurance | 17 June, 2020 | 0

Security Awareness Training is an essential component of any organisation’s information security. Even though it is mandated by frameworks such as PCI-DSS or ISO 27001, Security Awareness Training should be more than just a compliance exercise.  A good security awareness training programme will drive changes in behaviour amongst staff, suppliers and customers that will improveRead more

What is server hardening ?

By Mark Faithfull | Articles, Infrastructure | 31 March, 2020 | 0

Server hardening is a set of disciplines and techniques which improve the security of an ‘off the shelf’ server.  Server Hardening is requirement of security frameworks such as PCI-DSS and is typically included when organisations adopt ISO27001.   What is the attack surface The aim of server hardening is to reduce the attack surface ofRead more

12

Recent Posts

  • Apple patches critical iOS vulnerabilities
  • Critical SUDO vulnerability discovered
  • GDPR Fines continue to grow
  • NetLogon Security Changes coming in February
  • CISA Warns of Pass-the-Cookie attack

Tags

Android Apple blockchain Bluetooth Chrome Cisco credential stuffing cyber crime cyber essentials cyber security cyber security news Data Protection DNS Ethereum Exchange Server exim fileless formjacking GDPR Intel IoT Linux MacOS Meltdown microsoft ncsc patching penetration testing phishing ransomware RDP security breach Security operations security testing SIEM Spectre supply chain attacks Sysinternals Tomcat TPM Unix vulnerability management web applications web browsers wireless

Archives

  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS ISO 9001 ISO 27001
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us
SecureTeam
SecureTeam use cookies on this website to ensure that we give you the best experience possible. If you continue to use our site we will assume that you are happy with cookies being used.OkRead more