Please consider updating your browser. Some parts of the website may not function as intended.

Netlogon Elevation of Privilege Vulnerability

The Zero logon flaw is not new but can still pose a risk to organisations that have not patched it yet. The name elevation of privilege vulnerability comes from a flaw in the login process, where the initialization vector is set to all zeroes when it should be a random number. The CVSS v3.0 score […]

A Flaw in the Windows TCP/IP Protocol Stack

TCP/IP Protocol Stack

A flaw in the Windows TCP/IP protocol stack implementation has been discovered, this is related to driver handling of IPv6 (IP version 6), whereby a threat actor can perform a Denial of Service (DoS) attack and may gain the ability to execute arbitrary code on the target. This works by exploiting a logic error in […]

“Playing Leapfrog” Default Password Usage Allows for Jfrog Artifactory Account Compromise

Jfrog Artifactory

Jfrog Artifactory is a DevOps solution that aims to provide automation throughout an application delivery process and its goal is to improve productivity. It boasts many useful features for the deployment of applications and can be integrated with a client’s cloud infrastructure. However, a vulnerability exists where administrator accounts do not require a password to […]

T2 Security Chip in Mac a Computer Contains an “Unpatchable” Vulnerability

Security researchers have discovered a flaw, wherein two techniques are used to remove the restrictions apple puts in place (commonly known as Jailbreaking) are combined. Together, the Jailbreaking techniques exploit a vulnerability in Mac computers’ T2 Security Chip, which in turn allows an attacker to decrypt data and or plant malware on the device. Unpatchable […]

Top 8 Metrics to Collect During Red Team Testing

Why should we collect metrics in a red team test? Metrics are a valuable way of measuring changes and improvements over time. A red team test is conducted to assess the controls and lack of controls in place to stop an attacker achieving certain goals. By using metrics during red team testing, you can observe […]

“Shark on the Router” (Authentication Bypass in Wireless Router Chipsets)

Multiple wireless router chipsets were discovered to be vulnerable to authentication bypass, giving a threat actor control of network traffic passing through the affected device(s). A successful attack occurs when an attacker injects arbitrary (unencrypted) packets into networks with WPA2 protection. Upon injection, the packets are considered to be legitimately routed traffic and encrypted responses […]

BLE Vulnerability Leads to Broken Authentication and Malicious Data Transfer

A successful Bluetooth Low Energy Spoofing Attack (BLESA) allows threat actors to connect with a device (by getting around reconnection authentication requirements) and send spoofed data to the device. This first starts with malicious packets fooling the device into behaving abnormally and attackers manipulating the device to feed it misleading information. The vulnerability affects Linux, Android, […]

What to Include in Your Security Testing Supplier’s Agreement

A successful penetration test requires good preparation with an airtight service-level contract between the customer and a supplier that helps both to achieve the ultimate goal: security. Listed in this post are some important items to include in the contract. These are by no means a full and comprehensive list but should serve to help […]

Cyber Security After COVID-19: How to Protect Your Business

Cyber security after covid-19

What is cyber security after COVID-19? We have now passed the stage of emergency policies and procedures being implemented, new technology being procured outside a normal tender and we have determined our businesses tasks that cannot be performed remotely since they require strict supervision. There were a few hiccups, lessons learned, but we are there […]

Do NOT follow this link or you will be banned from the site!