Is your staff is staying resilient with protecting company information assets now that Working from Home (WFH) is the ‘Now Normal’? Do you know if they are aware of the tactics that threat actors are using, and do they have cyber security front of mind? If you are unsure, you are not alone. Last year, […]
13
Jan
Jan
A cloud misconfiguration by the Chinese social media management company SocialArks exposed 318 million records from Facebook, Instagram, and LinkedIn. More than 400GB of public and private profile data for 214 million social-media users world-wide. The leak stems from a misconfigured ElasticSearch database, which contained Personally Identifiable Information (PII). Researchers discovered that the server was publicly exposed without a […]
05
Jan
Jan
An untrusted deserialization vulnerability in the Zend Framework was disclosed this week. If exploited by attackers, they can achieve Remote Code Execution (RCE) on PHP Sites. This vulnerability could impact some instances of the Laminas project, which is Zend’s successor. Zend Framework is built from PHP packages and used by developers to build object-orientated web […]
17
Dec
Dec
Can you believe we made it through 2020? Although it was challenging, it helped us to see our strengths and showed how adaptable many of us can be. Last year helped us come closer to you, our customer, and build stronger relationships by understanding your struggles and needs. When reflecting on last year, we […]
16
Dec
Dec
How the Critical Golang XML parser bug cause SAML authentication bypass? Security researchers at Mattermost, coordinating with the Go security team disclosed three critical vulnerabilities within the Go languages XML parser. If exploited, these vulnerabilities can lead to a complete bypass of Security Assertion Mark-up Language (SAML) authentication, as the vulnerabilities impact Go’s implementation of […]
15
Dec
Dec
There are a variety of different ways to assess the security integrity of the systems that process, store, or transmit your information assets. But I find it odd that this far down the cyber security road, a lot of businesses still don’t understand the basic difference between Vulnerability Scanning and Penetration Testing. I know it […]
14
Dec
Dec
Please be advised that SolarWinds has issued an urgent security advisory for their Orion Platform. It’s claimed that nation-state actors aggressively targeted at least two U.S. Government Agencies to include the US Department of Treasury and the National Telecommunications and Information Administration. Additionally, other global organisations in various industries ranging from telecoms, major retail chains […]
09
Dec
Dec
UK 2021 Data Protection Regime – Prepare & Future-Proof Compliance Welcoming 2021 with an insightful webinar, just in time to get you prepares for the upcoming years after Brexit. Time is running out for the UK to exit from the EU and we still don’t know if the UK is going to have a Data […]
08
Dec
Dec
A Security Engineer at Evolution Gaming has discovered a Cross-site Scripting (XSS) vulnerability on the teams.microsoft.com domain. This could be abused to trigger a Remote Code Execution (RCE) flaw in the Microsoft Teams Desktop Application. According to the researcher, an attacker simply needs to send a specially crafted message to any Teams user or channel […]
02
Dec
Dec
With the holiday season quickly approaching and the Pandemic tier level restrictions being unclear, many of us are turning to online shopping to purchase gifts this year. In fact, a recent Springboard survey of 1,000 shoppers reported that 61.2% plan to spend more online with only 20.4% spending at bricks and mortar stores this season. […]