Please consider updating your browser. Some parts of the website may not function as intended.

Microsoft WPBT Vulnerability Allow Hackers to Install Rootkits on Windows Devices

Microsoft WPBT Vulnerability

Security researchers from the Eclypsium research team have discovered a vulnerability in the Windows Platform Binary Table (WPBT) that allows attackers to install rootkits on all Windows devices shipped since 2012. WBPT is a fixed firmware ACPI (Advanced Configuration and Power Interface), introduced in Windows 8 to allow vendors to execute programs when the devices […]

What are the Benefits of a vCISO

There is no doubt that the number of qualified and available to hire cyber security experts is decreasing. A study by the Center of Cyber Safety and Education identified that there may be close to 100,000 unfilled UK cyber security jobs by 2022. With this staggering statistic, it’s no wonder why many organisations battle to […]

“Continuity Issues” Private Repository Contents Leak by Travis Cl

Contents Leak by Travis Cl

The maintainers of Travis CI, a continuous integration provider located in Berlin, have patched a vulnerability that exposes API and signing keys as well as access credentials to unauthorised third parties. This vulnerability possibly impacts thousands of companies and the maintainers have been criticised for not releasing any technical advisories on the issue itself. The […]

“Double-barrelled” Zloader Attacks Disable Windows Defender to Evade Detection

disable windows defender

An ongoing Zloader campaign utilises a new methodology to disable Microsoft Defender Antivirus. Formerly known as Windows Defender. Microsoft Defender Antivirus is currently running on over a billion instances of Windows 10, according to Microsoft’s own statistics. The threat actors have begun to utilise various applications such as Discord, TeamViewer and Zoom advertisements on Google […]

SaaS Security – The Essentials

saas security

Software companies have naturally embraced the cloud. It provides countless benefits for their clients, ranging from the lack of installation or maintenance of on-premises solutions to the ease of scalability. However, with benefits come risks as it provides Threat Actors with a single, centralised internet-facing target. Consequently, security becomes paramount. If you are a SaaS […]

Why Are SOC 2 Assessments Becoming More Popular in the UK and Europe?

soc 2 assessments

This is a guest article written by Ty Brush. The author’s views are entirely his own and do not necessarily reflect the views of Risk Crew. Enjoy! Many European and UK organisations are already ISO 27001 (Information Security Management) certified, and rightfully so as the International Information Security Standard (ISO 27001) serves as the principal cyber security standard […]

Netgear’s Smart Switches Affected by Multiple Vulnerabilities

Netgear’s Smart Switches Affected by Multiple Vulnerabilities

Netgear has released patches for the firmware version of more than a dozen smart switches used in corporate networks. The patches address three high impact vulnerabilities, two of which have exploit code publicly available. Netgear has identified these bugs as PSV-2021-0140, PSV-2021-0144, PSV-2021-0145, CVE tracking numbers are yet to be assigned. Additionally, many products affected […]

Critical Bug Hacking into IoT Devices

hacking into iot devices

Security experts are sending out a high alert on a critical vulnerability that heavily affected tons of devices used worldwide that are connected to the ThroughTek’s Kalay IoT cloud platform. The Impact The vulnerability impacts products from different companies that produce reconnaissance and video solutions that include home computerised IoT frameworks, which utilise the Kalay […]

Death by Trust – The Dangers of Whitelisting

dangers of ransomware

Introduction Whitelisting is a cyber security strategy where a user granted administrative rights could take action on their computer. However, rather than attempting to keep one stride in front of threat attackers to recognise and obstruct malicious code, the IT staff would rather order a rundown of supported applications that a computer or a mobile […]

Risk Crew