Multiple Vulnerabilities found in Microsoft Azure Sphere

Microsoft Azure Sphere versions 20.07 and 20.06 contain vulnerabilities including remote code execution and privilege escalation. These could allow an attacker to gain access to sensitive information and possibly get admin-level permissions on the affected machine. These vulnerabilities could have severe consequences, so make sure you patch them before they are used against you. […]

5 Items to Consider When Choosing a Pen Test Provider

As security professionals with nearly two decades in the industry, we understand the significance of choosing the right penetration testing service provider. It’s important to look not only for testers with the required technical skills; they should also be trustworthy, highly experienced and credible, and deliver on their promises of testing, reporting and remediation. They should […]

Going Beyond Cyber Essentials Plus Certification

Once you have successfully attained Cyber Essentials Plus (CE+) certification and the celebrations are over, what do you do? Do you just sit back and be happy that CE+ has been achieved or do you build upon it? Well, it all depends on why you undertook to achieve CE+ in the first place. Many companies […]

Amazon Alexa subdomains are not safe for work

Amazon Alexa subdomains have been found to be vulnerable to Cross-Origin Resource Sharing (CORS) misconfiguration and Cross-Site Scripting (XSS). Exploiting these would have allowed an attacker to install or remove apps without the user’s knowledge and gather information about the device and the user(s). It would have only required one click on a specially crafted Amazon link. IoT […]

What Are the Benefits of Cyber Essentials Plus?

Certifying to Cyber Essentials Plus

Although many organisations pursue Cyber Essentials Plus (CE+) certification in order to meet public sector contract requirements, there are numerous other benefits of Cyber Essentials Plus. These are self-evident to most information security professionals, but in case you’re struggling for words, here they are. Reassure customers that you are working […]

Privacy Shield Becomes Invalid

The EU-US Privacy Shield was invalidated on the 16th of July 2020 by a ruling of the EU Court of Justice (CJEU). The ruling was made in the case known as Schrems II (C-3111/18). This case challenged the processes for personal data transfers between the EU and the US on the basis to hold that […]

TeamViewer Password Crack

A CVE (CVE-2020-13699) was announced in TeamViewer’s Windows application. Successful exploitation of this vulnerability would allow an attacker to open TeamViewer via a malicious web application. This could then be leveraged to force TeamViewer to send a password to the attacker for cracking. The affected TeamViewer versions are: teamviewer10, […]

Mitigate Application Layer Attacks

Secure your applications to avoid over 43% of breaches

Did you know the primary applications used by most businesses are web applications (i.e. websites)? Attacks against web applications are attacks on the application layer. Verizon’s 2020 data breach report suggests web applications were involved in 43% of known breaches. Statistics cannot be used to account […]

Risk Crew