A Security Engineer at Evolution Gaming has discovered a Cross-site Scripting (XSS) vulnerability on the teams.microsoft.com domain. This could be abused to trigger a Remote Code Execution (RCE) flaw in the Microsoft Teams Desktop Application. According to the researcher, an attacker simply needs to send a specially crafted message to any Teams user or channel […]
A Remote Code Execution vulnerability in the Oracle WebLogic Server was recently discovered. The Oracle WebLogic vulnerability was due to the Oracle Fusion Middleware console component. According to Juniper Threat Labs, almost 3000 Oracle WebLogic servers are reachable over the internet, based on Shodan statistics. Attackers are targeting potentially vulnerable WebLogic servers using at least […]
ISO 27001 Certification Cost: ISO 27001 is an internationally recognised standard for information security management systems (ISMS). It provides a framework for organisations to establish, implement, maintain, and continually improve their information security practices. ISO 27001 outlines clear requirements for managing risks, safeguarding sensitive information, and ensuring data confidentiality, integrity, and availability within an organisation. […]
There was a spike in phishing and business email compromises due to threat actors exploiting Google services. The attacks weaponize services such as Google Forms, Google Docs, and Firebase on mobile to increase the legitimacy from the perspective of security filters and victims. Due to the open nature of the Google ecosystem, attackers are taking advantage […]
What are the Signs of a Social Engineering Attack and How Can You Prevent Them? Social engineering is the most significant risk in the cyber threat landscape today. Over 98%[1] of cyber attacks rely on social engineering, targeting staff as the primary attack vector, but many of you already know that. What are the signs […]
Multiple security advisories related to critical flaws in the Cisco Security Manager product have been released. These revelations come a week after patches for platform version 4.22 were released. A security researcher, Florian Hauser of Code White, disclosed proofs-of-concept for 12 vulnerabilities that affected the CSM web interface. These vulnerabilities make it possible for an […]
The Intel Support Assistant utility was found to be vulnerable to privilege escalation through file manipulation and symbolic links, putting millions of Windows users at risk. The impact: The Intel Support Assistant was found to interact insecurely with nonprivileged data and directories, giving attackers the ability to execute code as privileged programs by modifying a […]
It is estimated that six in ten SMEs that suffer a breach are likely to go out of business within six months. With COVID-19 having a huge impact on profitability this year, no business can easily recover financially from a cyber attack. Cyber security is essential to the business’s risk management programme regardless of size. […]
Security researcher Samy Kamkar has discovered a technique that allows an attacker to bypass NAT/Firewall protections, leading to remote access of any TCP/UDP port service on the target system. Dubbed “NAT Slipstreaming”, this attack involves social engineering: the attacker sends the victim a link to a malicious site or a legitimate site with adware. When […]
A high-risk vulnerability, rated as 7.8 in CVSS v3.1, affecting Windows 10.3.0 and earlier exists in the Hotspot Shield VPN client software. This allows an authorised user to potentially perform local privilege escalation. The impact: The flaw exists in improper directory permissions on a log folder for the software client. It allows a local user […]