Remote Code Execution Discovered in Cisco Security Manager

Multiple security advisories related to critical flaws in the Cisco Security Manager product have been released. These revelations come a week after patches for platform version 4.22 were released. A security researcher, Florian Hauser of Code White, disclosed proofs-of-concept for 12 vulnerabilities that affected the CSM web interface. These vulnerabilities make it possible for an […]

Mismanagement: Flaws in Privileged Management Apps Expose Machines to Attack

The Intel Support Assistant utility was found to be vulnerable to privilege escalation through file manipulation and symbolic links, putting millions of Windows users at risk. The impact: The Intel Support Assistant was found to interact insecurely with nonprivileged data and directories, giving attackers the ability to execute code as privileged programs by modifying a […]

Secure Your SME to Detour Hacker Attacks

It is estimated that six in ten SMEs that suffer a breach are likely to go out of business within six months. With COVID-19 having a huge impact on profitability this year, no business can easily recover financially from a cyber attack. Cyber security is essential to the business’s risk management programme regardless of size. […]

“Through The Cracks” NAT/Firewall Bypass Lets Hackers Access Any TCP/UDP Service

Security researcher Samy Kamkar has discovered a technique that allows an attacker to bypass NAT/firewall protections, leading to remote access to any TCP/UDP port service on the target system. Dubbed “NAT Slipstreaming”, this attack involves social engineering: the attacker sends the victim a link to a malicious site or a legitimate site with adware. When […]

Hot seat – Hotspot Shield VPN New Privilege Escalation Vulnerability

A high-risk vulnerability, rated as 7.8 in CVSS v3.1, affecting Windows 10.3.0 and earlier exists in the Hotspot Shield VPN client software. This allows an authorised user to potentially perform local privilege escalation. The impact: The flaw exists in improper directory permissions on a log folder for the software client. It allows a local user […]

Data Protection Steps Required as the Brexit Transition Ends

After 30th December 2020, the Brexit transition period will end. This has implications for the transfer of personally identifiable information (PII) out of the EU/EEA to the UK. To get around this, the UK plans to reach an adequacy agreement with the EU so that things can continue pretty much as they are. By incorporating […]

“Playing Leapfrog” Default Password Usage Allows for JFrog Artifactory Account Compromise

JFrog Artifactory is a DevOps solution that aims to provide automation throughout the application delivery process, with the goal of improving productivity. It boasts many useful features for the deployment of applications and can be integrated with a client’s cloud infrastructure. However, a vulnerability exists where administrator accounts do not require a password to […]

Risk Crew