Sudo Vulnerability found affecting

A vulnerability has been discovered in the Sudo Linux utility that can allow any user (even those with relatively low privileges) to execute commands with root privileges – a simple and immediate ‘privilege escalation’. The most worrying thing is that this vulnerability is vintage, starting to appear in a version of sudo rolled out as…

Read more

Social Engineering Explained

Social engineering is the term used to describe manipulating others into providing or doing things on your behalf. In popular culture, it is most commonly associated with cyber criminals but in reality many of the techniques used are similar to those used by confidence artists (“con artists”) for decades. Given then the widespread use…

Read more

Remote iPhone Hack

Ian Beer of Google’s Project Zero recently posted an article describing a vulnerability in iPhones allowing for remote exploitation; a simple video he posted on YouTube really demonstrates the terrifying scope of this vulnerability. In it, 26 iPhones of various types are laid out on the floor with a laptop in shot with some additional…

Read more

SolarWinds Supply Chain Breach: The Worst in History?

SolarWinds touts its Orion enterprise monitoring software as providing a single pane of glass solution, which has quickly turned into a single glass of pain. A sophisticated supply chain attack against the product has resulted in at least one – and almost certainly hundreds more – high-profile breaches, including FireEye, a respected cyber…

Read more

Cyber Security Firm FireEye Hacked

Governments and organisations around the world are steeling themselves for what appears to be an ever-escalating increase in state-sponsored cyber attacks. The US cybersecurity firm FireEye recently announced it had been attacked by a “highly sophisticated threat actor”, believing the hacking was nation-state sponsored, with evidence pointing to Russia. In a blog post, CEO of…

Read more

What is Cyber Essentials?

Cyber Essentials is a government-backed scheme originally developed as a framework for anyone that wanted to provide services to particular areas of government or military, but it has since expanded out to be a more general cyber security guideline and framework. In order to become Cyber Essentials certified, organisations must adhere to a strict set…

Read more

WinRAR Vulnerability: A Vintage Threat

Users who might consider themselves of a certain ‘vintage’ will almost certainly have come across the archiving/zipping tool WinRAR in their cyber travels. For those that don’t know, in medieval times, the ability to compress and uncompress (zip/unzip) files and folders wasn’t natively baked in to Windows and other operating systems. If you want…

Read more

Backstory, Splunk’s Nemesis?

While ‘Bricktop’ from the film Snatch might have his own idea of what “nemesis” means, the dictionary defines it as “punishment or defeat that is deserved and cannot be avoided”. Now I don’t know if Splunk deserve punishment but I do know their pricing is extortionate so anything that shakes up the SIEM market can…

Read more