Vulnerability Alert: Heap Buffer Overflow in WebRTC

Risk Rating: HIGH Affected Products: Google Chrome Affected Version: Versions previous to 103.0.5060.114 Patched Version: 103.0.5060.114 Vendor: Google Date: 01/07/2022 Introduction: A zero-day vulnerability was identified and disclosed to Google that affects the WebRTC (Web Real-Time Communications) component within the browser, which allows for exploitation of a Heap Buffer Overflow vulnerability. Technical details are limited at […]

What are the Different Types of Penetration Testing?

If you’re considering a penetration test to identify and fix vulnerabilities within your business, you might not know which type of pen test is best for you. In this article, we explore the types of penetration testing available, and what they are best for. What are the Different Types of Penetration Testing? Risk Crew offers […]

Vulnerability Alert: CVE-2022-1388 — F5 BIG-IP

Risk Rating: CRITICAL Affected Products: F5 BIG-IP Affected Version: 16.1.0-16.1.2 / 15.1.0-15.1.5 / 14.1.0-14.1.4 / 13.1.0-13.1.4 / 12.1.0-12.1.6 / 11.6.1-11.6.5 Patched Version: 17.0.0 / 16.1.2.2 / 15.1.5.1 / 14.1.4.6 / 13.1.5 Proof-of-Concepts available: yes Vendor: F5 Date: 04/05/2022 Introduction: F5 BIG-IP load balancers can be abused to obtain Remote Command Execution (RCE). These devices have an administrative interface (iControl […]

How Do You Conduct an Information Security Risk Assessment?

Information security risk assessments are crucial for any business that deals with sensitive information that could potentially cause harm if accessed, shared, modified, or deleted. In this article, we cover how your business can benefit from a security risk assessment, how they are conducted, and how you can use the assessment findings to improve […]

Vulnerability Alert: TLStorm 2

Risk Rating: CRITICAL Affected Products: Avaya series; Aruba Affected Version: ERS3500/ERS3600/ERS4900/ERS5900; Aruba 5400R/3810/2920/2930F/2930M/2530/2540 Patched Version: N/A Vendor: Aruba and Avaya network switches Date: 04/05/2022 Introduction: Five critical vulnerabilities were identified within various models of Aruba and Avaya network switches. The vulnerabilities affect the implementation of the TLS stack within those devices. Insecure memory management […]

Vulnerability Alert: CVE-2022-21449 – Psychic Signatures

Risk Rating: HIGH Affected Product: Java SE & Oracle GraalVM Enterprise Edition product of Oracle Java SE Affected Version: Versions 15, 16, 17 & 18, Oracle GraalVM Enterprise Edition: 21.3.1 & 22.0.0.2 Patched Version: April 2022 Critical Patch Update Vendor: Oracle Date of Disclosure: 19.04.2022 Introduction: A vulnerability exists within the implementation of ECDSA cryptographic […]

Vulnerability Alert: CVE-2022-20773 – Default SSH Host Key

Risk Rating: HIGH Affected Product: Cisco Umbrella Virtual Appliance Affected Version: Virtual Appliance <= 3.3.2 Patched Version: Please see Remediation(s) section for more details. Vendor: Cisco Date of Disclosure: 20.04.2022 Introduction: Cisco Umbrella Virtual Appliance contains a vulnerability in the key-based SSH authentication mechanism which could potentially allow a remote unauthenticated attacker to impersonate […]

10 Social Engineering Attacks You Need to Know

Simply put — social engineering works. Ask any Threat Actor in the business. Social engineering was behind more than 95% of the attacks reported last year by Purplesec. Consequently, educating your staff on what it is and how to spot it is nothing less than critical. Here are the top 10 most common types of […]

Risk Crew