What are the Signs of a Social Engineering Attack and How Can you Prevent Them? Social engineering is the most significant risk in the cyber threat landscape today. Over 98%[1] of cyber attacks rely on social engineering target staff as the primary attack vector, but many of you already know that. What are the signs […]
Multiple security advisories related to critical flaws in the Cisco Security Manager product have been released. These revelations come a week after patches for platform version 4.22 were released. A security researcher, Florian Hauser of Code White, disclosed proofs-of-concept for 12 vulnerabilities that affected the CSM web interface. These vulnerabilities make it possible for an […]
The Intel Support Assistant utility was found to be vulnerable to privilege escalation through file manipulation and symbolic links, putting millions of Windows users at risk. The impact: The Intel Support Assistant was found to interact insecurely with nonprivileged data and directories, giving attackers the ability to execute code as privileged programs by modifying a […]
It is estimated that six in ten SMEs that suffer a breach are likely to go out of business within six months. With COVID-19 having a huge impact on profitability this year, no business can easily recover financially from a cyber attack. Cyber security is essential to the business’s risk management programme regardless of size. […]
Security researcher, Samy Kamkar, has discovered a technique that allows an attacker to bypass NAT/Firewall protections, leading to remote access of any TCP/UDP port service on the target system. Dubbed “NAT Slipstreaming”, this attack involves social engineering, the attacker sends the victim a link to a malicious site or a legitimate site with adware. When […]
A high-risk vulnerability, rated as 7.8 in CVSS v3.1, affecting Windows 10.3.0 and earlier exists in the Hotspot Shield VPN client software. This allows an authorised user to potentially perform local privilege escalation. The impact: The flaw exists in improper directory permissions on a log folder for the software client. It allows a local user […]
After 30th December 2020, the Brexit transition period will end. This has implications for the transfer of personally identifiable information (PII) out of the EU/EEA to the UK. To get around this the UK plans to reach an adequacy agreement with the EU so that things can continue pretty much as they are. By incorporating […]
The Zero logon flaw is not new but can still pose a risk to organisations that have not patched it yet. The name elevation of privilege vulnerability comes from a flaw in the login process, where the initialization vector is set to all zeroes when it should be a random number. The CVSS v3.0 score […]
A flaw in the Windows TCP/IP protocol stack implementation has been discovered, this is related to driver handling of IPv6 (IP version 6), whereby a threat actor can perform a Denial of Service (DoS) attack and may gain the ability to execute arbitrary code on the target. This works by exploiting a logic error in […]
Jfrog Artifactory is a DevOps solution that aims to provide automation throughout an application delivery process and its goal is to improve productivity. It boasts many useful features for the deployment of applications and can be integrated with a client’s cloud infrastructure. However, a vulnerability exists where administrator accounts do not require a password to […]