Do not pass ‘Go’

Readers who managed to read this blog to the end last week will have read this: Finally, if you have implemented HTTP/2 services for public consumption, be aware that there are a number of network level bugs which can very simply take your servers off the air (the same servers that can be easily identified using […]

Micro Soft Target

Over the previous weeks, months and even years you will have read about serious vulnerabilities in Microsoft’s RDP code which appear to be cropping up with increasing regularity. Only last week we talked about the fact that RDP code is used in the management connectivity for Hyper-V and was vulnerable to fairly straightforward abuse enabling […]

It’s all about the vector Vernon

Warning! This is a bit of a long one, a holiday special, but there is a prize for the most eagle-eyed readers. Details below. There we were post/during/pending holiday mode, rather hoping we would be resting on our laurels, when a wave of cyber breaches brought us to our senses just as we were trying […]

Sonic Boom

It has been an un-seasonably frenetic week in the Cyber Security coal mines this week, so much so that this week’s rant is going out a day early, for reasons obvious, as you will see below. As ever we will try to cover off as much as we can but are always ready to help, […]

Barr Humbug

Unfortunately we will not be talking about the legendary A.G.Barr, Scottish manufacturer of the insanely popular Irn Bru, which until 2009 at least was ‘Made in Scotland from Girders’. No, we will be talking about a distinctly less sweet member of the Barr diaspora, although almost certainly also made from girders, William Barr. For those […]

Mug Shot

Unless you have been participating in one of those tiresome live ‘off the grid’ challenges, and we mean a proper one, not one like these Dutch charlatans whose ‘off grid’ experience includes Internet access and DJ lessons rather than wild boar hunting, sticking and gutting which is proper ‘off grid’ activity in our book, you […]

To Fine, To Serve

Unless you have been stricken with memory loss, brainwashed by positive corporate messaging, or otherwise impaired, you will no doubt recall last year’s announcement that British Airways had lost a truckload of customers’ data which we covered in one of these missives and also updated as the numbers ebbed and flowed. In our update we […]

Silence is Golden

Do you remember reports about a Russian cybergang called Silence? They launched successful attacks against a number of Russian and other banks, predominately targeting ATM networks instructing them (probably via compromise of the backend) to dish out cash to mules who would phone up the hacking commander (mwahahaha) from the cashpoint and withdraw the monies, […]

Hip Hop

Regular readers of these ramblings will remember that we first reported about the nefarious activities of the Chinese hacking outfit APT10 way back in April 2017 after its activities were brought to public attention through brilliant work by PwC, BAE Systems and (the obviously silent(ish) partner) the UK National Cyber Security Centre (NCSC). To recap, […]

Delphic Oracle

For some time, we have heard rumours circulating in some of the darker parts of the web about issues with Oracle’s WebLogic, exploitable issues with proof of concept attacks being tested, sold and shared. On Tuesday this week, Oracle issued a critical advisory for CVE-2019–2729, which is a remote code execution (RCE) vulnerability for the […]