SecureTeam

How Poor Library Hygiene Compromises your Application Security

Modern software development makes extensive use of open-source libraries that save development time and money. However, 79% of developers fail to keep those libraries up to date leaving their code vulnerable to newly discovered flaws and vulnerabilities. A new report from testing firm Veracode reveals some worrying trends that Security Managers should discuss with their […]

How Poor Library Hygiene Compromises your Application Security Read More »

What is Cyber Supply Chain Risk Management?

Articles, Infrastructure / Ian Reynolds

Recent high-profile security incidents, such as the compromises at SolarWinds and CodeCov and the vulnerabilities in Microsoft Exchange Server, have drawn attention to the risks posed by the software we invite into the heart of our networks and often trust implicitly. The processes and procedures for identifying and mitigating the risks posed by these third-party

What is Cyber Supply Chain Risk Management? Read More »

Compromise of Codecov dev tools affects thousands of customers

News, Vulnerabilities / Ian Reynolds

An unauthorised change to a script used by Codecov customers to upload software test results has stolen the credentials and API tokens for thousands of organisation’s development environments. Codecov is a tool used to track what percentage of an application’s source code has been exercised during software testing. To do this, it is integrated into the

Compromise of Codecov dev tools affects thousands of customers Read More »

What is a dependency confusion attack?

News / Ian Reynolds

A new whitepaper from Microsoft highlights the risks of software supply chain attacks for organisations that pull package dependencies from public repositories like npm, RubyGems and PIP. A dependency confusion attack or supply chain substitution attack occurs when a software installer script is tricked into pulling a malicious code file from a public repository instead

What is a dependency confusion attack? Read More »

SolarWinds and Solarigate Hacks Explained

Articles, Information Assurance / Ian Reynolds

Described as the most sophisticated hack ever – what is the SolarWinds hack and how might it affect your business? SolarWinds provides network monitoring software to thousands of large enterprises and government departments. One of the SolarWinds products, called Orion, was compromised in a supply chain attack, and was then used to deliver Solarigate malware

SolarWinds and Solarigate Hacks Explained Read More »

100000 Zyxel firewalls have hardcoded backdoor exposed

News, Vulnerabilities / Ian Reynolds

Taiwan based Zyxel Networks has issued patches for their enterprise grade firewalls after a hard coded credential vulnerability was discovered by security researchers. The vulnerability provides attackers with root level access over SSH or the Web Administration interface allowing firewall rules to be changed to permit easy access to the network behind the firewall. Zyxel

100000 Zyxel firewalls have hardcoded backdoor exposed Read More »

SolarWinds hack sends chills through security industry

News, Vulnerabilities / Ian Reynolds

SolarWinds provides tools used by security and network managers in many of the largest businesses and governments in the world. Since March 2020 hackers inserted their own code into SolarWinds Orion software which was downloaded by some 18,000 customers – providing a backdoor into those customers’ networks. SolarWinds Orion is a network health and performance

SolarWinds hack sends chills through security industry Read More »

Google Patches Chrome Zero-Day Vulnerability

News, Vulnerabilities / Ian Reynolds

Google has issued an urgent update for Chrome which patches a zero-day vulnerability under active exploitation. The Chrome team took just one day from report of the vulnerability to issuing the patch, such is the danger posed by this flaw. The patch is included in Chrome version v86.0.4240.111 (CVE-2020-15999) – any older versions should be

Google Patches Chrome Zero-Day Vulnerability Read More »

Visual Studio RCE Vulnerability Patched

News, Vulnerabilities / Ian Reynolds

Microsoft has patched a Remote Code Execution vulnerability in Visual Studio which could be exploited by creating a code repository – such as for a popular open source tool – and convincing a developer to clone and open it. The vulnerability (CVE-2020-17023) exists in the handling of the ‘package.json’ file and can be exploited to

Visual Studio RCE Vulnerability Patched Read More »

What is the Achilles vulnerability?

News, Vulnerabilities / Ian Reynolds

Achilles is the name of a set of 400 security vulnerabilities found in the Qualcomm chips that power a billion Android devices – many of which may never get fixed. Discovered by researchers at CheckPoint, the vulnerabilities all relate the DSP chip which is part of the Snapdragon processor that powers the phones and tablets.

What is the Achilles vulnerability? Read More »

supply chain attacks

How Poor Library Hygiene Compromises your Application Security

What is Cyber Supply Chain Risk Management?

Compromise of Codecov dev tools affects thousands of customers

What is a dependency confusion attack?

SolarWinds and Solarigate Hacks Explained

100000 Zyxel firewalls have hardcoded backdoor exposed

SolarWinds hack sends chills through security industry

Google Patches Chrome Zero-Day Vulnerability

Visual Studio RCE Vulnerability Patched

What is the Achilles vulnerability?

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch