Blog
Blog
Multiple vulnerabilities in GameLoop – remote code execution, privilege escalation
Gameloop is an Android emulator released by Tencent. During our tests, we have identified multiple vulnerabilities which can lead to code execution and privilege escalation inside the guest operating system. CVEID: CVE-2020-29008 Name of the affected...
CVE-2020-29007 – remote code execution in Mediawiki Score
Score is a Mediawiki extension which generates musical notation based on user-provided Lilypond or ABC markup. During our tests, we have determined it is vulnerable to remote code execution through Scheme code embedded in Lilypond markup. CVEID:...
ReVoLTE – an attack exploiting the reuse of the same keystream by vulnerable base stations
A group of academics from Ruhr University Bochum and New York University Abu Dhabi have presented a new attack called 'ReVoLTE', that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls. The crux of the...
Cyber Kill Chain – what is it and how to use it to stop advanced methods of attack?
Recently the number of cyberattacks has increased year on year. It is also estimated that the number of attacks conducted with the use of ransomware increases by 350%¹ each year. Additionally, the Covid19 pandemic has caused an increase in the number of...
How to enable multi-factor authentication in Office 365
The coronavirus pandemic has forced many organisations to undergo a rapid digital transformation and switch to a remote workforce. This sudden change created a need for tools allowing users remote access to company resources. Within a couple of days,...
Cloud computing security – identity and access management comparison for GCP and AWS
Cloud computing is the foundation of many digital transformation projects. Currently, enterprises see progressively more value in the ability to scale the cloud environment, being able to transfer part of the responsibility for reliability onto a cloud...
Can Building Management Systems be Potential Attack Vectors for Industrial Control Systems?
For many enterprises, working with advanced industrial systems the simultaneous implementation and use of Building Management Systems (BMS) is necessary. However, because their functionality is not seen as crucial for the realisation of the enterprise’s main...
CVE-2020-10551 – privilege escalation in QQBrowser
QQBrowser is a web browser developed by Tencent. It is one of the most popular web browsers used in China. During our tests, we have found a vulnerability which allows an unprivileged local attacker to gain code execution as NT AUTHORITY\SYSTEM. CVEID:...
OT and IT department cybersecurity – linked or separate?
In factories, companies and enterprises, cybersecurity for IT and OT departments should not be treated as separate issues. Historically, OT engineers have treated IT as a necessary evil, some of them even would go as far as “locking the infrastructure away”...
Best practices for safe and secure remote work
In order to ensure the cyber security of operations for staff working remotely it is vital to implement a number of appropriate procedures and technical measures. Adequate preparation of devices and systems used, as well as maintaining appropriate safety...
News
Jak wykorzystać model #MitreATTACK do analizy zagrożeń?
Jak wkomponować go w procesy bezpieczeństwa w firmie?
Przeczytaj artykuł: https://seqred.pl/mitre-attck-analiza-atakow-w-celu-skuteczniejszej-ochrony/
#ITsecurity #cybersecurity
Czy wiesz, co producent lub integrator zapisał w Twoim sterowniku #PLC?
Które obszary są ważne przy ocenie bezpieczeństwa i jakości kodu?
Zapraszamy na wykład "Bezpieczeństwo kodu sterowników PLC" @JozefSulwinski i Michał Stępień na #InfraSECForum
https://infrasecforum.pl/agenda-2021/
Posiadasz doświadczenie w realizacji projektów związanych z oceną poziomu cyberbezpieczeństwa organizacji?
Dołącz do zespołu Seqred!
… lub poleć nam kogoś, kto pasuje na to stanowisko.
Sprawdź: https://seqred.pl/kariera/
#rekrutacja #cyberbezpieczeństwo #praca #pracaIT
Don’t miss "Hacking Advanced Metering Infrastructure" by @swaczynski_k at @TheHackSummit
LIVE streaming 5 XII, VoD like in Netflix until II 2021
Krzysztof will guide you through a complete #ICS attack vector aimed at compromising #smartmeters and #AMI
https://thehacksummit.com
Jak kompleksowo wbudować #cyberbezpieczeństwo we wszystkie fazy inwestycji w #smartbuilding?
To już ostatnia szansa, aby zapisać się na wirtualne spotkanie w ramach Projekt BMS, które poprowadzi @swaczynski_k
Zarejestruj się dziś: https://projektbms.pl
#facilitymanagement