Researchers from the German IT Magazine publisher CHIP discovered hundreds of potential vulnerabilities across nine vendors of popular wireless routers. The following vendors could be affected: Asus AVM D-Link Netgear Edimax TP-Link Synology Linksys The researchers analysed the configuration of network devices using the IoT Inspector’s firmware security platform, which performs automated checks for thousands […]
03
Dec
Dec
Security experts from Google Project Zero detected two vulnerabilities in the video conferencing application Zoom that heavily expose users to attacks. These vulnerabilities have an impact on Zoom clients who use Windows, macOS, Linux, iOS and Android. The impact The first vulnerability, known as CVE-2021-34423 has a harsh effect on buffer overflow vulnerability that was given a CVSS base score of […]
23
Nov
Nov
Threat actors are leverage known vulnerabilities against unpatched exchange servers to distribute malware and avoid detection by abusing internal reply-chain emails. TrendMicro researchers have discovered that threat actors have distributed malicious emails to internal employees on corporate networks through an interesting tactic. They start by exploiting Microsoft exchange servers which remain vulnerable to ProxyLogon and […]
22
Nov
Nov
More than often when organisations are directed by the board to deploy a Red Team test, there is often confusion on what testing should encompass. Many often think Red Team testing is just robust penetration test – but in fact, each have many differences. Although there are some similarities, they differ not only in terms […]
09
Nov
Nov
Christmas is here, which only means that it is officially shopping season and considering the supply chain issues, many have started to stock up, especially from Amazon. Unfortunately, this is where hackers find the perfect opportunity to use their expertise to spoof purchase notifications in order to get access to financial information. Typically, a hacker […]
07
Oct
Oct
Typically, ROI is seen as money spent vs money received to see if the investment is profitable. In this case, it is the security testing investment vs savings (average cost of a breach minus security testing cost). If you are curious about why a red team test improves testing ROI and how to gain an […]
28
Sep
Sep
Security researchers from the Eclypsium research team have discovered a vulnerability in the Windows Platform Binary Table (WPBT) that allows attackers to install rootkits on all Windows devices shipped since 2012. WBPT is a fixed firmware ACPI (Advanced Configuration and Power Interface), introduced in Windows 8 to allow vendors to execute programs when the devices […]
21
Sep
Sep
There is no doubt that the number of qualified and available cyber security experts is decreasing. A study by the Center of Cyber Safety and Education identified that there may be close to 100,000 unfilled UK cyber security jobs by 2022. With this staggering statistic, it’s no wonder why many organisations battle to fill the […]
20
Sep
Sep
The maintainers of Travis CI, a continuous integration provider located in Berlin, have patched a vulnerability that exposes API and signing keys as well as access credentials to unauthorised third parties. This vulnerability possibly impacts thousands of companies and the maintainers have been criticised for not releasing any technical advisories on the issue itself. The […]
16
Sep
Sep
An ongoing Zloader campaign utilises a new methodology to disable Microsoft Defender Antivirus. Formerly known as Windows Defender. Microsoft Defender Antivirus is currently running on over a billion instances of Windows 10, according to Microsoft’s own statistics. The threat actors have begun to utilise various applications such as Discord, TeamViewer and Zoom advertisements on Google […]