Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Quality Policy
    • Security Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us

Blog

Home Search results for "web applications"

What is the Spring4Shell vulnerability?

By Mark Faithfull | News, Vulnerabilities | 6 April, 2022 | 0

Spring is a popular enterprise grade application framework for Java, and Spring4Shell is the name given to a remote code execution vulnerability disclosed at the end of March. There has been a lot of hype and confusion in the tech press surrounding this vulnerability, including confusing it with a CVE for Spring Cloud Function whichRead more

Chrome leads the way with security changes

By Mark Faithfull | News, Tools | 19 January, 2022 | 0

Starting in March 2022, Google Chrome will start supporting the new Private Network Access standard which will help protect local network devices from malicious internet traffic. Private Network Access, or PNA, will prevent malicious websites from using the victim’s browser as a proxy to relay cross-site request forgery attempts to devices on the user’s localRead more

What is HTTP request smuggling?

By Mark Faithfull | Articles, Web Applications | 25 November, 2021 | 0

Long considered a theoretical attack, HTTP request smuggling is now ‘soaring in popularity’ according to a new research paper published this month.  What is HTTP request smuggling and what risk does it pose to your network? HTTP Request Smuggling (HRS) was first documented back in 2005.  It is made possible by the way different webRead more

Palo Alto Networks patches VPN/Firewalls

By Mark Faithfull | News, Vulnerabilities | 17 November, 2021 | 0

Palo Alto Networks has released a critical patch for their firewalls with GlobalProtect  Portal or Gateway interfaces.  With a critical severity rating of 9.8, this memory corruption vulnerability could allow an attacker to execute remote code on the firewall with root privileges. According to the security advisory published by Palo Alto Networks: This issue isRead more

Windows Containers and Kubernetes under attack

By Mark Faithfull | News, Vulnerabilities | 10 June, 2021 | 0

Microsoft has warned that Kubernetes clusters are being targeted in a cryptomining attack while Palo Alto Networks has identified the first malware that targets Windows Containers – in order to compromise the Kubernetes clusters that host them. Cryptomining on Kubernetes Kubeflow is a popular framework for deploying Machine Learning workloads in a Kubernetes environment.  MicrosoftRead more

HPE patches RCE 0day in SIM software

By Mark Faithfull | News, Vulnerabilities | 2 June, 2021 | 0

Hewlett Packard Enterprise has released a patch to fix a critical remote code execution vulnerability in the Windows version of their System Insight Manager. The bug in the Federated Search and CMS Configuration (CVE-2020-7200) feature of version 7.6.x of HPE SIM, has a critical CVSS score of 9.8.  According to the security advisory from HPE,Read more

Users of TOR network hit by man-in-the-middle attacks

By Mark Faithfull | News, Vulnerabilities | 12 May, 2021 | 0

Over 25% of the TOR network exit nodes have been under the control of malicious actors who are performing man-in-the-middle attacks against network users. What is the TOR Network The TOR Network is a volunteer run network of relay servers that aims to provide anonymous and secure internet access that prevents its users from beingRead more

What is a Pass-The-Cookie Attack?

By Mark Faithfull | Articles, Web Applications | 25 March, 2021 | 0

By using Pass-the-cookie techniques, attackers can access web applications without knowing a userid, password or even the one-time password from a multi-factor system. And if the web application in question is the management console for your AWS, Google or Azure environment then they stolen have the keys to your kingdom. In January 2021, CISA drewRead more

Browsers block more ports to prevent NAT Slipstream attacks

By Mark Faithfull | News, Tools | 10 March, 2021 | 0

Web browsers are adding more TCP ports to their block lists in an attempt to prevent exploitation of NAT Slipstream attacks. NAT Slipstreaming is an attack which tricks the NAT router into allowing external traffic through the NAT firewall to target any internal network device by abusing protocols such as SIP or H.323 where thisRead more

What are Web shell attacks?

By Mark Faithfull | Articles, Web Applications | 18 February, 2021 | 5

Web shell attacks have doubled over the last 6 months according to Microsoft’s Detection And Response Team.  But, what are Web Shell Attacks and how can you defend against them? In a recent blog post, Microsoft’s DART detailed the rise in Web Shell Attacks that have been uncovered in Windows Defender telemetry- growing from anRead more

123

Recent Posts

  • ZuoRAT Malware Targets Home-Office Routers
  • Microsoft Patches Linux Cluster Bug
  • Log4Shell (still) actively exploited on VMware Systems
  • Vulnerability reported on QNAP NAS Devices
  • How the Phone-Wiping Banking Trojan BRATA is Becoming a More Advanced Threat

Recent Comments

    Archives

    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • April 2020
    • March 2020
    • February 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • July 2018
    • June 2018
    • April 2018
    • January 2018
    • October 2017
    BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS ISO 9001 ISO 27001
    information. secured.
    • Home
    • Our Services
      • Infrastructure Testing
        • Internal Network Penetration Test
        • External Network Penetration Test
        • Wireless Network Penetration Test
        • Vulnerability Assessment
        • Network Segregation Test
        • Voice over IP (VoIP) Penetration Test
      • Application Testing
        • Web Application Penetration Test
        • Mobile Application Penetration Test
        • Desktop Application Security Assessment
        • Citrix Breakout Test
      • Configuration Review
        • Windows Server Build Review
        • Linux Server Build Review
        • Citrix Configuration Review
      • Information Assurance
        • ISO 27001 Gap Analysis
      • Cyber Essentials
    • News
    • Articles
    • About
      • About SecureTeam
      • STORM Appliances
        • Installing a STORM Device
        • Returning a STORM Device
      • White-Label Consultancy
      • Jobs
      • Cookie Policy
      • Quality Policy
      • Security Policy
      • Privacy Notice
      • Website Terms & Conditions
    • Contact Us
    SecureTeam