January – March 2021

View our Cyber Bulletin here.
Rethinking Healthcare’s Cyber Defence Strategy

Cyber attacks on healthcare organisations skyrocketed in 2020, with the surge showing no signs of abatement, as opportunistic criminals looked for ways to exploit the Covid-19 crisis. Threats from nation states and criminals to healthcare organisations continue to be a growing concern. The huge logistical challenge of rolling out vaccines faces the risk of disruption […]
CRITICAL F5 BIG-IP AND BIG-IQ VULNERABILITIES

Priority: Critical. Summary: Enterprise networking vendor F5 Networks has released details of multiple critical remote code execution (RCE) vulnerabilities affecting most versions of BIG-IP and BIG-IQ. F5 is urging all customers to update their deployments as soon as possible [1]. The four most critical vulnerabilities include a pre-authentication RCE vulnerability, which would allow an unauthenticated […]
Cloud Security Firm Qualys Falls Victim to Cyber Attack

Priority: High. Summary: On March 3rd 2021, a group known as Clop leaked files which appeared to originate from vulnerability management provider Qualys. These included documents such as purchase orders and scan reports [1]. Qualys later released a statement explaining that they were aware of the issue and that they believe it relates to a […]
Hafnium Targeting Exchange Servers

Priority: Critical. Summary: On 2nd March Microsoft released a number of fixes for vulnerabilities affecting on-premises installations of Exchange Server. The vulnerabilities are being actively exploited by an Advanced Persistent Threat Microsoft have dubbed ‘Hafnium’ [1]. Customers should apply these patches immediately and monitor their Exchange Server deployments for any sign of compromise. Exchange Online […]
Critical Remote Code Execution Vulnerability In vSphere Client

Priority: Critical. Summary: VMware published a security advisory on Tuesday, 23rd February describing three vulnerabilities affecting their vCenter Server, ESXi and Cloud Foundation products (VMSA-2021-0002). Of the three vulnerabilities, CVE-2021-21972 is the most critical with a CVSSv3 score of 9.8 out of 10. This is an unauthenticated remote code execution (RCE) vulnerability found in the HTML5 […]
Windows TCP/IP Remote Code Execution

Priority: Critical. Summary: On 9th February Microsoft released a number of fixes for vulnerabilities in Windows’ TCP/IP implementation, including two that can lead to remote code execution (RCE) [1]. The associated CVE references are CVE-2021-24074 [2], CVE-2021-24094 [3], and CVE-2021-24086 [4]. The first two represent the RCE vulnerabilities, and the third is a denial of service (DoS) vulnerability. Microsoft state […]
December 2020

View our Cyber Bulletin for December here.
Forrester TEI Report – Microsoft Azure Sentinel

Last month, Forrester released a Total Economic Impact (TEI) research document which revealed significant cost savings and business benefits associated with using Microsoft Azure Sentinel. To be clear – it revealed those benefits when the users switched from an existing traditional SIEM or “SIEM-like” (whatever that is) logging and correlation infrastructure. There are a lot […]
Sunburst – More heat than light

By now it is unlikely that anybody working in the cyber security industry is unfamiliar with the SolarWinds breach and code compromise, now known as the Sunburst hack. To recap: FireEye, on discovering that some of their intellectual property in the form of their offensive and red-teaming tools had somehow become available in the shadier […]