The official PHP Git repository suffered a software supply chain attack this week. Two malicious commits were pushed to the repository, where the attackers sign the commits with falsified but plausible aliases. An RCE backdoor was uploaded, which executes a backdoor in the HTTP protocol’s user agent header field. According to the PHP maintainers, the […]
23
Mar
Mar
“Bad Things Come in Threes.” Three historical vulnerabilities have been discovered in the Linux kernel. If exploited, it could be used to gain root access to those systems. The original researchers from the security firm GRIMM have stated that these vulnerabilities remained undiscovered for 15 years. The vulnerabilities exist in the Linux kernel SCSI (Small […]
17
Mar
Mar
Why else should you attend the webinar? You’ll not only receive expert insight into triggers and mistakes to avoid but will have the opportunity to ask your pressing questions surrounding the DPIA tool – which is the key to DPA and GDPR compliance. What else will be covered on DPIAs? The 4 objectives for […]
11
Mar
Mar
Phishing attacks targeting Microsoft users are leveraging a fake Google reCAPTCHA page. Attackers are sending thousands of emails to steal Office 365 account credentials. Combined with the forged reCAPTCHA ruse, top-level domain landing pages that include the victim’s company logo were discovered. Researchers say that at least 2,500 emails have been flagged after being sent […]
02
Mar
Mar
Here’s a funny thing – recital 84 of the EU’s GDPR legislation states “…where processing operations are likely to result in a high risk to the rights and freedoms of natural persons, the controller should be responsible for the carrying-out of a data protection impact assessment…”. Paragraph 1 of Article 35 says pretty much the […]
02
Mar
Mar
Threat actors are targeting companies to include Zillo, Amazon and Slack’s NodeJS applications by using a new vulnerability known as “Dependency Confusion”. By utilising this vulnerability, attacks can steal Unix based system password files and open reverse shells back to an attacker. The attacker creates packages utilising the same names as a company’s internal component […]
Apple’s new M1 chips had no known malware for them…until now. A vulnerability dubbed the “Silver Sparrow” is an activity cluster that includes a malicious binary compiled to run on the new model. What is unique about this vulnerability, and does it lack a payload? Silver Sparrow uses a launch agent to establish persistence, which […]
18
Feb
Feb
Are you managing personal data deletion correctly under the DPA and GDPR? Does everyone in your organisation know what to delete and when to delete? It might seem like an easy task but many still struggle with this. The deletion of 213,000 UK police records due to incorrectly flagged files for deletion is a good […]
18
Feb
Feb
Cyber security is a journey and not just a destination. In the ever-changing security landscape, regular testing and mitigation are required. To prevent testing efforts from feeling like a sinkhole in time and funding, KPIs can be used to track the output of testing to show progress and motivate internal teams to improve their practices. […]
16
Feb
Feb
Several unpatched vulnerabilities were discovered in the ShareIT Android application by Trend Micro, an app with over one billion downloads that is used for sharing files between users and their devices. The vulnerability is believed to have been unpatched for three months, which allows an attacker to achieve remote code execution (RCE) on the victim’s […]