Please consider updating your browser. Some parts of the website may not function as intended.

Get WFH Cyber Security at the Forefront of Staff’s Minds

wfh cyber security

Is your staff is staying resilient with protecting company information assets now that Working from Home (WFH) is the ‘Now Normal’? Do you know if they are aware of the tactics that threat actors are using, and do they have cyber security front of mind? If you are unsure, you are not alone. Last year, […]

“Too Much Information” Millions of Social Profiles Leaked by Chinese Data-Scrapers

Social profiles leaked

A cloud misconfiguration by the Chinese social media management company SocialArks exposed 318 million records from Facebook, Instagram, and LinkedIn. More than 400GB of public and private profile data for 214 million social-media users world-wide.  The leak stems from a misconfigured ElasticSearch database, which contained Personally Identifiable Information (PII). Researchers discovered that the server was publicly exposed without a […]

“Deframed” Zend Framework Remote Code Execution Vulnerability Revealed

php sites

An untrusted deserialization vulnerability in the Zend Framework was disclosed this week. If exploited by attackers, they can achieve Remote Code Execution (RCE) on PHP Sites. This vulnerability could impact some instances of the Laminas project, which is Zend’s successor. Zend Framework is built from PHP packages and used by developers to build object-orientated web […]

The Critical Golang XML Parser Bug Can Cause SAML Authentication Bypass

Critical Golang XML parser bug

How the Critical Golang XML parser bug cause SAML authentication bypass? Security researchers at Mattermost, coordinating with the Go security team disclosed three critical vulnerabilities within the Go languages XML parser. If exploited, these vulnerabilities can lead to a complete bypass of Security Assertion Mark-up Language (SAML) authentication, as the vulnerabilities impact Go’s implementation of […]

Vulnerability Scanning and Penetration Testing – Know the Difference

There are a variety of different ways to assess the security integrity of the systems that process, store, or transmit your information assets. But I find it odd that this far down the cyber security road, a lot of businesses still don’t understand the basic difference between Vulnerability Scanning and Penetration Testing. I know it […]

Breach Alert: SolarWinds Orion Network Backdoor Compromise

Backdoor Attack

Please be advised that SolarWinds has issued an urgent security advisory for their Orion Platform. It’s claimed that nation-state actors aggressively targeted at least two U.S. Government Agencies to include the US Department of Treasury and the National Telecommunications and Information Administration. Additionally, other global organisations in various industries ranging from telecoms, major retail chains […]

“Wormhole” Wormable Zero-Click Vulnerability in Microsoft Teams

Microsoft teams vulnerability

A Security Engineer at Evolution Gaming has discovered a Cross-site Scripting (XSS) vulnerability on the domain. This could be abused to trigger a Remote Code Execution (RCE) flaw in the Microsoft Teams Desktop Application. According to the researcher, an attacker simply needs to send a specially crafted message to any Teams user or channel […]

5 Tips to Stay Secure When Shopping Online

Stay Secure when Shopping Online

With the holiday season quickly approaching and the Pandemic tier level restrictions being unclear, many of us are turning to online shopping to purchase gifts this year. In fact, a recent Springboard survey of 1,000 shoppers reported that 61.2% plan to spend more online with only 20.4% spending at bricks and mortar stores this season. […]

Do NOT follow this link or you will be banned from the site!