Mine Host

A couple of weeks ago we talked about a serious vulnerability (wormable, apparently) now called BlueKeep in the Microsoft RDP server, for which emergency patches were released. As usual, our advice, along with that of most sane security people, sysadmins and everyone in between, was (and still is) to patch ASAP. It comes as no […]

Patient Zero

Have you heard of the mystery hacker SandboxEscaper? To refresh your memories, SandboxEscaper is an avid Windows enthusiast, as in breaking Windows. SbE (that is what we will refer to the hacking entity going forwards to save ink, trees etc.) has a notorious history of releasing zero-day exploits for Windows which we have reported on […]

Wealth firms failing to keep pace with rising cyber threats

Article by John Schaffer – CityWire
Wealth firms are failing to keep pace with a growing wave of digital dangers, regulators and sector specialists have warned, after the Financial Conduct Authority identified a 187% increase in tech outages over the year to late 2017. The regulator found that too many wealth firms either rely on outdated, manual […]

Google Huawei ban: Huawei is in a chokehold. Can it escape?

Article by Robert Scammell – Verdict magazine
The US is strangling China, but not with its own hands. In the latest escalation of the US and China’s trade war, US-based Google has restricted how Chinese telecoms giant Huawei can use its Android operating system on its devices. Any future Huawei devices will not have access […]

Wasssssup?

The Greeks knew it, the Carthaginians knew it and you knew it. This week’s missive would at least start with a discussion around the shrieking headlines regarding a vulnerability in the ever so popular, free to use (ahem) communications tool, WhatsApp. Hopefully we can take this discussion in a sensible(ish) direction without serving up lashings […]

MICROARCHITECTURE DATA SAMPLING

Priority: High
Executive Summary: Intel have publicly disclosed a set of vulnerabilities involving side-channel attacks which allow microarchitecture data sampling (MDS), affecting Intel microprocessors. The four vulnerabilities are similar to Spectre/Meltdown in nature. The issue exists in Intel’s implementation of simultaneous multithreading, named Hyper-Threading. Microprocessor performance is improved by splitting a single physical processor core […]

REMOTE DESKTOP SERVICES ‘WORMABLE’ VULNERABILITY

Priority: High
Executive Summary: Microsoft have addressed a remote code execution vulnerability found in their Remote Desktop Services (formerly known as Terminal Services in Windows Server 2008 and earlier) affecting older versions of Windows prior to Windows 8. The security flaw, CVE-2019-0708, allows an attacker to send maliciously crafted packets towards a device running Remote […]

Prioritizing risks in a climate of geopolitical threats

Article in (IN)SECURE Magazine
The cybersecurity landscape has become increasingly hostile in recent years, with a growing threat from common cybercriminals as well as the looming shadow of state-level geopolitical activity. Recent research commissioned by the UK government found that 32 percent of UK businesses have identified a breach or attack in the last 12 […]

Sadly Bradley

Once upon a time there was a man called Bradley who made a number of mistakes. Amongst them was deciding to leak a huge amount of United States secrets to The World via one Mr Julian Assange and his Wikileaks emporium. In a story that you really could not make up, after being captured, prosecuted […]

Huawei to judge?

We couldn’t start this week’s May Day Bank Holiday weekend missive without having a little chat about the Huawei debacle. As you will no doubt have read, the United States Government has been urging the UK to avoid using Huawei technology in the forthcoming 5G rollout (oh no, we are all going to die from […]