Please consider updating your browser. Some parts of the website may not function as intended.

The Critical Golang XML Parser Bug Can Cause SAML Authentication Bypass

Critical Golang XML parser bug

How the Critical Golang XML parser bug cause SAML authentication bypass? Security researchers at Mattermost, coordinating with the Go security team disclosed three critical vulnerabilities within the Go languages XML parser. If exploited, these vulnerabilities can lead to a complete bypass of Security Assertion Mark-up Language (SAML) authentication, as the vulnerabilities impact Go’s implementation of […]

“Wormhole” Wormable Zero-Click Vulnerability in Microsoft Teams

Microsoft teams vulnerability

A Security Engineer at Evolution Gaming has discovered a Cross-site Scripting (XSS) vulnerability on the domain. This could be abused to trigger a Remote Code Execution (RCE) flaw in the Microsoft Teams Desktop Application. According to the researcher, an attacker simply needs to send a specially crafted message to any Teams user or channel […]

“Dark tidings” Recent Oracle WebLogic vulnerability exploited by DarkIRC Malware

Oracle WebLogic vulnerability

A Remote Code Execution vulnerability, in the Oracle WebLogic Server, was recently discovered. The Oracle WebLogic vulnerability was due to the Oracle Fusion Middleware console component, according to Juniper Threat labs, almost 3000 Oracle WebLogic servers are reachable over the internet, based on Shodan statistics. Attackers are targeting potentially vulnerable WebLogic servers using at least […]

Google Services Weaponized to Bypass Security in Phishing

Google services

There was a spike in Phishing and business email compromises due to threat actors exploiting Google services. The attacks weaponize services such as Google Forms, Google docs, and Firebase on mobile to increase the legitimacy from the perspective of security filters and victims. Due to the open nature of the Google ecosystem, attackers are taking advantage […]

Remote Code Execution Discovered in Cisco Security Manager

Cisco Security Management

Multiple security advisories related to critical flaws in the Cisco Security Manager product have been released. These revelations come a week after patches for platform version 4.22 were released. A security researcher, Florian Hauser of Code White, disclosed proofs-of-concept for 12 vulnerabilities that affected the CSM web interface. These vulnerabilities make it possible for an […]

Mismanagement: Flaws in Privileged Management Apps Expose Machines to Attack

management apps expose machines to attack

The Intel Support Assistant utility was found to be vulnerable to privilege escalation through file manipulation and symbolic links, putting millions of Windows users at risk. The impact: The Intel Support Assistant was found to interact insecurely with nonprivileged data and directories, giving attackers the ability to execute code as privileged programs by modifying a […]

Secure Your SME to Detour Hacker Attacks

SME Hacker Attacks

It is estimated that six in ten SMEs that suffer a breach are likely to go out of business within six months. With COVID-19 having a huge impact on profitability this year, no business can easily recover financially from a cyber attack. Cyber security is essential to the business’s risk management programme regardless of size. […]

“Through The Cracks” NAT/Firewall Bypass Lets Hackers Access Any TCP/UDP Service

Hackers Access Any TCP/UDP Service

Security researcher, Samy Kamkar, has discovered a technique that allows an attacker to bypass NAT/Firewall protections, leading to remote access of any TCP/UDP port service on the target system. Dubbed “NAT Slipstreaming”, this attack involves social engineering, the attacker sends the victim a link to a malicious site or a legitimate site with adware. When […]

Hot seat – Hotspot Shield VPN New Privilege Escalation Vulnerability


A high-risk vulnerability, rated as 7.8 in CVSS v3.1, affecting Windows 10.3.0 and earlier exists in the Hotspot Shield VPN client software. This allows an authorised user to potentially perform local privilege escalation. The impact: The flaw exists in improper directory permissions on a log folder for the software client. It allows a local user […]

Netlogon Elevation of Privilege Vulnerability

The Zero logon flaw is not new but can still pose a risk to organisations that have not patched it yet. The name elevation of privilege vulnerability comes from a flaw in the login process, where the initialization vector is set to all zeroes when it should be a random number. The CVSS v3.0 score […]

Risk Crew