The Zimbra webmail solution is affected by two serious vulnerabilities that could allow an attacker to gain complete access to an organisation’s sent and received emails. Zimbra released patches in June for these vulnerabilities, which a researcher at SonarSource discovered. CVE-2021-35208, the first of these vulnerabilities, is a stored cross-site scripting vulnerability affecting the Document […]
28
Jul
Jul
So, here is the scenario: you’re sitting at your desk working away and suddenly realise an attacker has taken over your screen. The threat actor is now demanding a hefty payment in exchange to release access to the system. You immediately report the incident to the Chief Information Officer and wait nervously to see what […]
21
Jul
Jul
If only it were as simple as the popular ‘XYZ’ Antivirus (AV) software solution is the best antivirus software and outperforms all the rest. But, unfortunately, sometimes marketing can be deceiving. As expected, popularity and quality do not go hand in hand with most AVs. As a result, there has been poor progress in AV […]
13
Jul
Jul
Several vulnerabilities have been discovered in the Frontend File manager plugin in WordPress, which allows a remote attacker to inject malicious JavaScript into vulnerable websites. This is a class of vulnerability known as cross-site scripting (XSS). In this scenario, the XSS allows an attacker to: Delete blog pages Create admin user accounts Gain remote code […]
13
Jul
Jul
Most of us are aware that there is a huge gap of qualified cyber security talent available to hire. A study by the Center of Cyber Safety and Education identified that there may be close to 100,000 unfilled UK cyber security jobs by 2022. With this staggering statistic, it’s no wonder why many organisations battle […]
07
Jul
Jul
REvil ransomware producers have ported their malware over to Linux to expand their campaigns. The primary objective appears to be to infect VMware’s ESXi virtual machine management software and Network-attached storage (NAS) devices. Researchers at AT&T’s Alien Labs have identified four samples in the wild. Whilst not unheard of, Linux attacks are rarer than compromises […]
06
Jul
Jul
If you are considering getting your organisation SOC 2 compliant, this blog should be an eye-opener. Obtaining SOC 2 compliance could be quite a time challenge in terms of preparation, process and finances. Many achievements come with obstacles, but SOC 2 does not have to be difficult if you plan well. It will be well […]
29
Jun
Jun
To get straight to the answer of how long it takes to reach SOC 2 compliance – in general, you can expect 6 months to acquire SOC 1 Type 1 and 12 months for the SOC 2 Type 2 report. However, this will vary per size of the organisation and readiness level. It seems like […]
28
Jun
Jun
As the question ‘why do I need a Cyber Essentials certification?’ continues to arise, Dr Emma Philpott, the Director and CEO of the IASME Consortium Ltd, answers intriguing questions and provides enlightening responses from her point of view in a recent webinar with Risk Crew. Give yourself a moment out of your day & enrich […]
24
Jun
Jun
Researchers at ZX Security discovered a chain of vulnerabilities that ends with Remote Code Execution in the Accellion Kitework® framework. Kiteworks is a secure file-sharing platform targeted at enterprise audiences that facilitates sharing, syncing, and modifying files between internal and external users on multiple devices. CVE 2021-31585 was discovered in the administrative functionality, specifically the […]