PRINTNIGHTMARE ZERO-DAY VULNERABILITY
Priority: Critical Executive Summary: Security researchers have accidentally published a proof-of-concept zero-day called “PrintNightmare” for all supported Windows devices including endpoints and servers. This vulnerability can be exploited to achieve both remote code execution and local privilege escalation. Tracked as CVE-2021-1675, the critical vulnerability exploits built-in Windows print spooler service. Background: Microsoft released a […]
ITC Secure launches in-house identity and access practice and next-generation cyber maturity management capability
New capabilities address the increase in complexities faced by CISOs to manage identity and access, and to make business risk tangible at board-level and included as part of their cyber security strategies London – June 16, 2021 – ITC Secure (ITC), a leading advisory-led cyber security services company, today announces its new in-house identity and […]
ITC Secure Joins Microsoft Intelligent Security Association (MISA)
MISA nomination enables close collaboration between members and demonstrates long-term commitment to the Microsoft relationship London – June 8, 2021 – ITC Secure (ITC), a leading managed security services provider (MSSP) and specialist cyber advisory firm, today announced it has joined the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors and managed […]
GOOGLE CHROME ZERO-DAY TYPE CONFUSION VULNERABILITY
Priority: High Summary: A critical vulnerability was found in Google Chrome (Web Browser) stemming from a type confusion issue in its V8 open-source engine which leads to a privilege escalation vulnerability and impacts confidentiality, integrity and availability. Tracked as CVE-2021-30551, the vulnerability was discovered by Sergei Glazunov from Google Project Zero. The exploitation is known […]
MICROSOFT WINDOWS JUNE 2021 ZERO-DAY VULNERABILITIES
Priority: High Summary: Kaspersky security researchers have discovered a new threat actor dubbed PuzzleMaker, who has used a chain of Windows 10 zero-day exploits in highly targeted attacks against multiple companies worldwide. The most harmful (assigned the catalogue number CVE-2021-33742) can allow malicious web pages to compromise the Windows operating system via Internet Explorer and […]
LESSONS FROM THE SOLARWINDS AND HAFNIUM BREACHES: PART TWO
In my previous blog, I talked about the need to rethink how our people, our teams and our businesses continue to operate securely. Evidenced by two recent state-sponsored cyber attacks – SolarWinds and the Hafnium hack on Microsoft Exchange Servers – the adversarial mindset of cyber criminals continually reinvents new ways to gain access to your […]
ITC Secure Achieves a Microsoft Gold Competency for Security
ITC Secure demonstrates best-in-class capability and market leadership through demonstrated technology success and customer commitment London – May 05, 2021 – ITC Secure (ITC), a leading managed security services provider (MSSP) and specialist cyber advisory firm, today announced it has attained a Microsoft Gold competency for Security, demonstrating a “best-in-class” ability and commitment to meet […]
ITC Secure announces strategic partnership with Centraleyes to offer next-generation cyber risk management
ITC Secure forms new partnership with Centraleyes to enrich current cyber advisory offerings London – May 4th 2021 – ITC Secure (ITC), the advisory-led managed security services provider, has formed a strategic partnership with Centraleyes, a leading integrated risk management platform provider, to offer a next-generation cyber risk management service. This announcement formalises the partnership […]
LESSONS FROM THE SOLARWINDS AND HAFNIUM BREACHES: PART ONE
In recent months, two of the most sophisticated and severe state-sponsored cyber attacks – SolarWinds and the Hafnium hack on Microsoft Exchange Servers – saw not only 18,000+ and 30,000+ companies and government organisations affected each, but also unintended victims within each respective supply chain. Both ‘zero day’ exploits afforded attackers a lengthy period of […]
Chromium-Based Vulnerabilities
Priority: High Summary: Security researcher known as ‘frust’ has recently published a zero-day POC (Proof of Concept) exploit on Twitter for a zero-day remote code execution vulnerability found on Chromium-based browsers. This follows from two other Chromium-based vulnerabilities which were released on 14th April 2021. [2] The recent vulnerability allows an attacker to open the […]