Blog
Blog
Let’s face it – Smart Buildings are insecure …
… but that can be fixed! A glimpse of an eye at downtown in any of major cities in Poland is enough to say that we can be proud of most recent commercial real estate developments. Office buildings became more ergonomic and tenant friendly, ongoing technology...
Multiple vulnerabilities in GameLoop – remote code execution, privilege escalation
Gameloop is an Android emulator released by Tencent. During our tests, we have identified multiple vulnerabilities which can lead to code execution and privilege escalation inside the guest operating system. CVEID: CVE-2020-29008 Name of the affected...
CVE-2020-29007 – remote code execution in Mediawiki Score
Score is a Mediawiki extension which generates musical notation based on user-provided Lilypond or ABC markup. During our tests, we have determined it is vulnerable to remote code execution through Scheme code embedded in Lilypond markup. CVEID:...
ReVoLTE – an attack exploiting the reuse of the same keystream by vulnerable base stations
A group of academics from Ruhr University Bochum and New York University Abu Dhabi have presented a new attack called 'ReVoLTE', that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls. The crux of the...
Cyber Kill Chain – what is it and how to use it to stop advanced methods of attack?
Recently the number of cyberattacks has increased year on year. It is also estimated that the number of attacks conducted with the use of ransomware increases by 350%¹ each year. Additionally, the Covid19 pandemic has caused an increase in the number of...
How to enable multi-factor authentication in Office 365
The coronavirus pandemic has forced many organisations to undergo a rapid digital transformation and switch to a remote workforce. This sudden change created a need for tools allowing users remote access to company resources. Within a couple of days,...
Cloud computing security – identity and access management comparison for GCP and AWS
Cloud computing is the foundation of many digital transformation projects. Currently, enterprises see progressively more value in the ability to scale the cloud environment, being able to transfer part of the responsibility for reliability onto a cloud...
Can Building Management Systems be Potential Attack Vectors for Industrial Control Systems?
For many enterprises, working with advanced industrial systems the simultaneous implementation and use of Building Management Systems (BMS) is necessary. However, because their functionality is not seen as crucial for the realisation of the enterprise’s main...
CVE-2020-10551 – privilege escalation in QQBrowser
QQBrowser is a web browser developed by Tencent. It is one of the most popular web browsers used in China. During our tests, we have found a vulnerability which allows an unprivileged local attacker to gain code execution as NT AUTHORITY\SYSTEM. CVEID:...
OT and IT department cybersecurity – linked or separate?
In factories, companies and enterprises, cybersecurity for IT and OT departments should not be treated as separate issues. Historically, OT engineers have treated IT as a necessary evil, some of them even would go as far as “locking the infrastructure away”...
News
Już dziś o 11:45 zapraszamy na wykład o bezpieczeństwie sterowników #PLC, który na #InfraSECForum poprowadzą @JozefSulwinski i Michał Stępień
Zapraszamy do zadawania pytań po wykładzie lub na wirtualnym stoisku Seqred.
#OTsecurity #InfraSEC #cybersecurity
🕵 #SharePointAdmin / #WebDesigner wanted for our international project in Belgium for a minimum 3 month period
Check the offer: https://lnkd.in/dcC6Ynz
apply to 📩 rekrutacja@seqred.pl
or share it with your colleague
#job #joboffer
Wie sicher ist die #Telematikinfrastruktur? Das zeigt eine #Sicherheitsanalyse der gematik. https://www.healthcare-computing.de/telematik-infrastruktur-auf-herz-und-nieren-geprueft-a-996678/
@gematik1 @sec_consult @Seqred_ #ITSicherheit
Jak wykorzystać model #MitreATTACK do analizy zagrożeń?
Jak wkomponować go w procesy bezpieczeństwa w firmie?
Przeczytaj artykuł: https://seqred.pl/mitre-attck-analiza-atakow-w-celu-skuteczniejszej-ochrony/
#ITsecurity #cybersecurity
Czy wiesz, co producent lub integrator zapisał w Twoim sterowniku #PLC?
Które obszary są ważne przy ocenie bezpieczeństwa i jakości kodu?
Zapraszamy na wykład "Bezpieczeństwo kodu sterowników PLC" @JozefSulwinski i Michał Stępień na #InfraSECForum
https://infrasecforum.pl/agenda-2021/