Published by Wordfence: 2020-02-18 No known CVE “This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts. This vulnerability has not yet been patched. We are only trying to get the word out so people can remove the […]
Published by Microsoft: 02/11/2020 MITRE CVE-2020-0618 “A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.” There exists a proof of concept and write-up. Basefarm considers this a […]
“Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.” “Check Point Research analysts who discovered two vulnerabilities in the Microsoft Azure cloud infrastructure have published the details of how these flaws were found and how attackers could potentially use them.” Read […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Pen Test Partners has a great blog-post about one of their recent adventures. This is a little bit out of the normal scenario for many, but this is regarding a finding they did on […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Cisco Talos has published details regarding an APT campaign using DNS redirection and a malware they call DNSpionage. The malware supports both regular HTTP and also DNS tunneling as a way of communicating back […]
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Advanced attackers, most likely from Russia, seem to be in the reconnaissance phase of a cyber war, according to a research report from threat hunting firm Vectra. The attackers are using stealthy tactics seemingly […]
This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT). “Most dynamic content attacks are launched against content delivery networks. The attacker uses networks of infected hosts or botnets to request non-cached content from the target. If enough of these requests are made, the […]
This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT).
Cyber security is increasingly important to companies. We went to DEF CON to see what the hackers were doing.
New Spectre attack enables secrets to be leaked over a network In a paper named “NetSpectre: Read Arbitrary Memory over Network” researchers from Graz University of Technology, including one of the original Meltdown discoverers, Daniel Gruss, have described NetSpectre: a fully remote attack based on Spectre. With NetSpectre, an attacker can remotely read the memory […]