Software companies have naturally embraced the cloud. It provides countless benefits for their clients, ranging from the lack of installation or maintenance of on-premises solutions to the ease of scalability. However, with benefits come risks, as the cloud provides threat actors with a single, centralised internet-facing target. Consequently, security becomes paramount. If you are a SaaS […]
Netgear has released firmware patches for more than a dozen smart switches used in corporate networks. The patches address three high-impact vulnerabilities, two of which have exploit code publicly available. Netgear has identified these bugs as PSV-2021-0140, PSV-2021-0144 and PSV-2021-0145; CVE tracking numbers are yet to be assigned. Additionally, many products affected […]
Security experts are sending out a high alert on a critical vulnerability that affects a large number of devices worldwide that are connected to ThroughTek’s Kalay IoT cloud platform. The Impact: The vulnerability impacts products from different companies that produce reconnaissance and video solutions that include home computerised IoT frameworks, which utilise the Kalay […]
Introduction: Whitelisting is a cyber security strategy where a user granted administrative rights could take action on their computer. However, rather than attempting to stay one step ahead of attackers to recognise and block malicious code, the IT staff would rather compile a list of supported applications that a computer or a mobile […]
Three days after the disclosure, cyber attackers are commandeering home routers from 20 vendors along with ISPs. The security flaw, tracked as CVE-2021-20090, was revealed last week by specialists at Tenable. It affects devices from 20 different vendors and ISPs (ADB, Arcadyan, ASMAX, ASUS, Beeline, British Telecom, Buffalo, Deutsche Telekom, HughesNet, KPN, O2, Orange, Skinny, […]
The Zimbra webmail solution is affected by two serious vulnerabilities that could allow an attacker to gain complete access to an organisation’s sent and received emails. Zimbra released patches in June for these vulnerabilities, which a researcher at SonarSource discovered. CVE-2021-35208, the first of these vulnerabilities, is a stored cross-site scripting vulnerability affecting the Document […]
So, here is the scenario: you’re sitting at your desk working away and suddenly realise an attacker has taken over your screen. The threat actor is now demanding a hefty payment in exchange for releasing access to the system. You immediately report the incident to the Chief Information Officer and wait nervously to see what […]
If only it were as simple as the popular ‘XYZ’ Antivirus (AV) software solution is the best antivirus software and outperforms all the rest. But, unfortunately, sometimes marketing can be deceiving. As expected, popularity and quality do not go hand in hand with most AVs. As a result, there has been poor progress in AV […]
Several vulnerabilities have been discovered in the Frontend File manager plugin in WordPress, which allow a remote attacker to inject malicious JavaScript into vulnerable websites. This is a class of vulnerability known as cross-site scripting (XSS). In this scenario, the XSS allows an attacker to: delete blog pages; create admin user accounts; gain remote code […]
REvil ransomware producers have ported their malware over to Linux to expand their campaigns. The primary objective appears to be to infect VMware’s ESXi virtual machine management software and Network-attached storage (NAS) devices. Researchers at AT&T’s Alien Labs have identified four samples in the wild. Whilst not unheard of, Linux attacks are rarer than compromises […]