Why people are the glue in collective defence
Cyber security has historically been an independent almost secretive activity. Organisations have long been extremely reluctant to share any threats they face for fear it will damage their reputation. Similarly, sharing threat data with other organisations has often been viewed as giving away a competitive advantage. However, trying to face cyber threats alone only serves […]
Two days of Teams, Tech and (digital) Transformation?
https://www.linkedin.com/in/iainashall/ After two days (and a bit), Microsoft Inspire has come to an end. An opportunity for the Microsoft global partner community to extend their network and explore what’s coming in the year ahead, this year MS Inspire was a digital experience of webinars and breakout sessions using Teams. ITC Secure is a proud partner […]
A Day in the Life of a Threat Hunter
CRITICAL WINDOWS DNS VULNERABILITY CVE-2020-1350
[vc_row][vc_column][vc_column_text css=”.vc_custom_1594804007589{margin-bottom: 0px !important;}”]Priority: Critical Executive Summary: Microsoft’s Security Response Center (MSRC) announced on 14 July 2020, they have released an update to patch CVE-2020-1350, which is a critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that has a CVSS score of 10, the maximum severity.[1] [2][3] The vulnerability exists in the way […]
Critical F5 TMUI Vulnerability CVE-2020-5902
[vc_row][vc_column][vc_column_text css=”.vc_custom_1593787218989{margin-bottom: 0px !important;}”]Priority: Critical Executive Summary: Security vendor F5 have released details of a vulnerability in their Traffic Management User Interface (TMUI), also known as the Configuration Utility, that has a CVSS score of 10, the maximum severity possible.[1] [2] The vulnerability (CVE-2020-5902), brought to F5’s attention by Mikhail Klyuchnikov of Positive Technologies, affects […]
OUT-OF-BAND WINDOWS SECURITY PATCHES
Priority: High Executive Summary: Microsoft have issued urgent, out-of-band patches for two vulnerabilities found in the Windows Codecs Libraries.[1] The vulnerabilities, discovered by Abdul-Aziz Hariri of Trend Micro’s Zero Day Initiative, are CVE-2020-1425 and CVE-2020-1457. Both represent issues in the way in which the Windows Codecs Library handles certain objects in memory and exploiting these […]
Proactive Defence with Azure Sentinel
PAN-OS CRITICAL VULNERABILITY
Priority: Critical Executive Summary: Palo Alto Networks have released details of a critical vulnerability affecting PAN-OS, the operating system which runs on all Palo Alto next-generation firewalls [1]. The vulnerability, CVE-2020-2021, can allow attackers to bypass authentication, meaning an attacker can log into a server as an administrator. This means that a threat actor who […]