Severe Vulnerability Discovered in Java Logging Package – Log4j

Code for ethical hacking and security testing

Some of you may know, a severe vulnerability was discovered in Log4j, a Java logging package. This ubiquitous package is included in products such as Apache and Apple products. Worse yet, this component is so widely used — that it is believed to be within multiple components within applications. This means that security teams worldwide […]

Siege Warfare – WordPress Sites Under Attack for 36 hours

Wordpress Plugins Hacked

WordPress sites have been under attack for 36 hours, from 16,000 IP addresses. Threat Intelligence Analysts from Wordfence, have reported an ongoing assault against 1.6 million WordPress sites. The traffic originates from 16,000 IPs and threat actors appear to be targeting four WordPress plugins and fifteen Epsilon Framework themes. One of which has no patch […]

“Cryptic Clouds” Hacker’s Compromise Google Cloud Accounts to Mine Cryptocurrency

Picture showing Google logo and a cloud

Threat actors are actively exploiting a misconfigured Google Cloud Platform (GCP) infrastructure to mine cryptocurrency. Google’s recent threat horizon report detailed that out of 50 recently compromised GCP instances, 86% were used for crypto mining. Statistics show that 48% of intrusions were the result of poor password hygiene and or insecure API configurations. However, 26% […]

Breach Alert: SolarWinds Orion Network Backdoor Compromise

windows containers

Please be advised that SolarWinds has issued an urgent security advisory for their Orion Platform. It’s claimed that nation-state actors aggressively targeted at least two U.S. Government Agencies to include the US Department of Treasury and the National Telecommunications and Information Administration. Additionally, other global organisations in various industries ranging from telecoms, major retail chains […]

How To Increase InfoSec Awareness With Content Dispatches [Infographic]

In this landscape, keeping your staff engaged is key to creating and maintaining a culture of information security awareness. The key is giving them a constant ‘drip-feed’ of illumination in the form of bite-sized multi-media dispatches. Here’s an infographic to show you how Now that we have shown you the key to how we keep your staff engaged […]

Risk Crew