Distributed Denial of Service (DDoS) attacks are on the rise, with the second half of 2021 showing a 43% increase in attacks since the first half of the same year. The Microsoft Digital Defence Report for 2022 shows that so far in 2022 Microsoft have mitigated nearly 2000 DDoS attacks each day. This report also […]
The Threat of Holiday DDoS Attacks Read More »
The mistakes we make and how to fix them – a new report co-authored by the NCSC reveals the 10 most common security weaknesses exploited by hackers. A joint security alert from the National Cyber Security Centre UK (NCSC-UK) was released earlier this month, co-authored by cybersecurity bodies from the USA, Canada, New Zealand, and
10 Common Security Weaknesses and How To Defend Against Them Read More »
The security of every business is dependent on the security of its suppliers. From the PCs on peoples desks, to the servers in cloud, the firewalls in the office and the experts that connect to your network to tune your database or manage your servers. A security failing at any of these suppliers could allow
How to improve your supply chain security Read More »
Oracle has issued patches for a serious flaw in Java versions 15 to 18 which allows malicious actors to trivially forge digital signatures and TLS certificates that Java then accepts as valid. The problem lies in the Elliptic Curve Digital Signature Algorithm (ECDSA) which was re-written for Java 15 and this introduced the flaw which
Oracle Patches Java signature bypass flaw Read More »
‘Use After Free’ is the name given to security vulnerabilities that occur because of a problem with the way an application is managing its memory. When one part of a program attempts to use some memory that another part of the program has released because it is no longer needed the application may crash, produce
What is a Use After Free Vulnerability? Read More »
When the LAPSUS$ ransomware group broke into the network of Nvidia, the data they stole included two code signing certificates which are now being used to sign malware to help it bypass security defences. In order to prove that an application or driver is genuine and really does come from the named developer, a digital
Stolen Nvidia certs uses to sign malware Read More »
Mozilla has published a security advisory warning of a critical security vulnerability in the Network Security Services libraries which are widely used by open-source software. While the bug does not impact Mozilla Firefox, it is thought to affect many other email clients and PDF viewers that use the electronic signature verification features of the Network
Mozilla warns of digital signature vulnerability Read More »
Long considered a theoretical attack, HTTP request smuggling is now ‘soaring in popularity’ according to a new research paper published this month. What is HTTP request smuggling and what risk does it pose to your network? HTTP Request Smuggling (HRS) was first documented back in 2005. It is made possible by the way different web
What is HTTP request smuggling? Read More »
Creators and users of Operational Technology and IoT devices should pay attention to a new report from MITRE which reveals the Most Important Hardware Weaknesses causing security issues in 2021. For some years, MITRE has regularly reported on the most dangerous software security weaknesses by analysing the CVE vulnerability reports generated each year. Now they
MITRE reveals most important hardware weaknesses Read More »
35 billion, that’s billion with a B – IoT devices are using flawed hardware and copied reference code that leaves their security vulnerable according to a presentation at this month’s Def Con security conference. Cryptography relies on using random numbers, yet computers are very poor at generating random numbers and so they rely on an
Billions of IoT devices have vulnerable crypto Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.