Trump’s Huawei warning to UK an empty threat: Former senior British intelligence officer
Article by Lucy Ingham – Verdict The threat by US President Donald Trump to block the UK’s access to the Five Eyes intelligence sharing community unless it bans Huawei technology from being used in its 5G network is very unlikely to be followed through, according to a former senior British intelligence officer. Trump is expected […]
CYBERSECURITY IN THE WAKE OF JULIAN ASSANGE
Article by James Fox – Verdict Encrypt The dramatic extraction of Julian Assange from London’s Ecuadorian embassy in April marked a key moment in the saga of the controversial WikiLeaks founder. But now that his refuge is over, what impact – if any – has he had on the world of cybersecurity? Julian Assange is […]
NCSC: Supply chain security guidance
Proposing a series of 12 principles, designed to help you establish effective control and oversight of your supply chain. Introduction The guidance will provide organisations with an improved awareness of supply chain security, as well as helping to raise the baseline level of competence in this regard, through the continued adoption of good practice. Whilst […]
Mine Host
A couple of weeks ago we talked about a serious vulnerability (wormable, apparently) now called BlueKeep in the Microsoft RDP server, for which emergency patches were released. As usual, our advice along with that of most sane security people, sysadmins and everyone in between was (and still is) to patch ASAP. It comes as no […]
Patient Zero
Have you heard of the mystery hacker SandboxEscaper? To refresh your memories, SandboxEscaper is an avid Windows enthusiast, as in breaking Windows. SbE (that is what we will refer to the hacking entity going forwards to save ink, trees etc.) has a notorious history of releasing zero-day exploits for Windows which we have reported on […]
Wealth firms failing to keep pace with rising cyber threats
Article by John Schaffer – CityWire Wealth firms are failing to keep pace with a growing wave of digital dangers, regulators and sector specialists have warned, after the Financial Conduct Authority identified a 187% increase in tech outages over the year to late 2017. The regulator found that too many wealth firms either rely on outdated, manual […]
Google Huawei ban: Huawei is in a chokehold. Can it escape?
Article by Robert Scammell – Verdict magazine The US is strangling China, but not with its own hands. In the latest escalation of the US and China’s trade war, US-based Google has restricted how Chinese telecoms giant Huawei can use its Android operating system on its devices. Any future Huawei devices will not have access […]
Wasssssup?
The Greeks knew it, the Carthaginians knew it and you knew it. This week’s missive would at least start with a discussion around the shrieking headlines regarding a vulnerability in the ever so popular, free to use (ahem) communications tool, WhatsApp. Hopefully we can take this discussion in a sensible(ish) direction without serving up lashings […]
MICROARCHITECTURE DATA SAMPLING
Priority: High Executive Summary: Intel have publicly disclosed a set of vulnerabilities involving side-channel attacks which allow microarchitecture data sampling (MDS), affecting Intel microprocessors. The four vulnerabilities are similar to Spectre/Meltdown in nature. The issue exists in Intel’s implementation of simultaneous multithreading, named Hyper-Threading. Microprocessor performance is improved by splitting a single physical processor core […]
REMOTE DESKTOP SERVICES ‘WORMABLE’ VULNERABILITY
Priority: High Executive Summary: Microsoft have addressed a remote code execution vulnerability found in their Remote Desktop Services (formally known as Terminal Services in Windows Server 2008 and earlier) affecting older versions of Windows prior to Windows 8. The security flaw, CVE-2019-0708, allows an attacker to send maliciously crafted packets towards a device running Remote […]