Hafnium Targeting Exchange Servers

Priority: Critical Summary On 2nd March Microsoft released a number of fixes for vulnerabilities affecting on-premises installations of Exchange Server. The vulnerabilities are being actively exploited by an Advanced Persistent Threat Microsoft have dubbed ‘Hafnium’. 1 Customers should apply these patches immediately and monitor their Exchange Server deployments for any sign of compromise. Exchange Online […]

Windows TCP IP Remote Code Execution

Priority: Critical Summary:On 9th February Microsoft released a number of fixes for vulnerabilities in Windows’ TCP/IP implementation, including two that can lead to remote code execution (RCE).1 The associated CVE references are CVE-2021-240742, CVE-2021-240943, and CVE-2021-240864. The first two represent the RCE vulnerabilities, and the third is a denial of service (DoS) vulnerability. Microsoft state […]

Solarwinds Supply Chain Attack (Sunburst Malware)

Priority: Critical Executive Summary: A highly sophisticated attack using a trojanised version of SolarWinds’ Orion software has been discovered, affecting both private and public organisations globally.1 The attack is believed to have started as early as Spring 2020 and is still ongoing, making this an imminent threat to any organisation using SolarWinds Orion. The attackers […]

MAZE RANSOMWARE ATTACKS

Priority: High Executive Summary: Cognizant, an IT services provider based in the US, has confirmed it has fallen victim to the Maze ransomware. Their statement was released over the weekend (Saturday 18th April), confirming that the security incident had caused disruption to some of their customers, and was followed by an update on Sunday 19th […]

Cyber Incident Response – Boardroom Planning is key

Reacting immediately to a cyber event could save your reputation. 2019 is on track to be the worst year so far for data breaches, with billions of records exposed in the first six months. As a result, Incident Response (IR) is gaining more high-profile attention in the media and, crucially, in boardrooms across all industries. […]

Who monitors employee monitoring when AI is in the driving seat?

Article by Davey Winder – SC Magazine Enterprises are increasingly monitoring employees by way of their email and social media usage. Given that increasingly this kind of monitoring is being done by AI-powered technologies, there are ethical questions that have to be asked. So SC Media UK asked them. When Gartner surveyed large organisations last […]