Whiff WAF
Way back in 2008, Alexander Boris de Pfeffel Johnson caused something of a stink about the origins of the game of Ping Pong. Boris (man of the people) claimed it to be invented not by the Chinese, but by the British, batting wine corks around after dinner as far away as The Raj using cigar […]
Exclusive: Teletext Holidays data breach exposes 212,000 customer call recordings
Article by Robert Scammell – Verdict British travel company Teletext Holidays has suffered a data breach in which some 212,000 customer call audio files were left unprotected on an online server for three years, exposing customer names, email addresses, home addresses, phone numbers and dates of birth. Truly Travels, trading as Teletext Holidays, formed out […]
NATO: Attack Like WannaCry Could Prompt “Collective Defense Commitment”
Article by Michael Hill – Infosecurity Magazine NATO secretary general Jens Stoltenberg has gone on record to state that a cyber-attack – such as the WannaCry outbreak of 2017 – would prompt a “collective defense commitment” from the intergovernmental military alliance between 29 North American and European countries. In Prospect Magazine, Stoltenberg wrote: “Attacks can affect every […]
IMPERVA DATA EXPOSURE – WAF CUSTOMERS AFFECTED
Priority: High Executive Summary: Imperva, an Internet Firewall Services provider has announced that on Tuesday 20th August they were alerted by a third party to a data exposure that includes email addresses, hashed and salted passwords and, for a subset of the Incapsula customers, hashed API keys and customer-provided SSL certificates for Cloud WAF customers […]
To the fullest extent possible
Last month my car was stolen and I have, out of necessity, been talking far too much to my insurance company, its agents, a recovery company, the Met, an unidentifiable intermediary of some kind and now a repair yard. Each has sent me numerous communications – some by post, some by email, one by Dropbox […]
Do not pass ‘Go’
Readers who managed to read this blog to the end last week will have read this: Finally, if you have implemented HTTP/2 services for public consumption, be aware that there are a number of network level bugs which can very simply take your servers off the air (the same servers that can be easily identified using […]
August 2019
View our Cyber Bulletin for August here.
KUBERNETES DENIAL OF SERVICE VULNERABILITIES (CVE-2019-9512, CVE-2019-9514)
Priority: High Executive Summary: Two severe vulnerabilities allowing for easy Denial of Service attacks against almost all versions of Kubernetes clusters have been released this week as part of a set of HTTP/2 implementation vulnerabilities. Kubernetes is an open-source container-orchestration system – analogous to lightweight virtual machines, with less of a requirement for isolation from […]
Cyber Incident Response – Boardroom Planning is Key
Reacting immediately to a cyber event could save your reputation. Data breaches, resulting in exposed credentials and damage to brand and reputation, continue to make headline news. As a result, cyber incident response is gaining more high-profile attention in the media and, crucially, in boardrooms across all industries. But, according to the UK Government’s 2020 […]
Micro Soft Target
Over the previous weeks, months and even years you will have read about serious vulnerabilities in Microsoft’s RDP code which appear to be cropping up with increasing regularity. Only last week we talked about the fact that RDP code is used in the management connectivity for Hyper-V and was vulnerable to fairly straightforward abuse enabling […]