Secrutiny Blog
Adobe Patches Security Vulnerabilities in Flash Player
Trouble strikes again as Adobe patches security vulnerabilities in Flash Player – including a zero-day vulnerability that has been spotted being exploited in the wild.
read more
Juggling Security Risks and Balancing Priorities with Simon Crumplin, CEO of Secrutiny Ltd.
Whether you are the CIO, the CISO or a Business Engagement Manager, your life is a constant battle to ensure a reasonable security posture while balancing costs, usability, technology, user behaviour, transformation and agility. Suffering a breach is no longer a question of “if,” but “when” and “how big”.
read more
Emotet Banking Trojan Seen Taking Advantage of Privileges of Local Administration Shares
In the month of November, a UK law firm learnt the hard way the importance of limiting privileges of the local administration shares on their endpoints when the popular Emotet malware appeared in their estate.
read more
Shodan: The Search Engine for the Internet of Things
Shodan is a free security tool helping defenders keep track of all the computers on their network that are directly accessible from the Internet. Shodan makes it easy to search a subnet or domain for connected devices, open ports, default credentials, even known vulnerabilities.
read more
Same Old File Types, Brand New Spam Campaigns
Spam and phishing campaigns remain a firm favourite infection vector for malicious actors but cybercriminals appear to be expanding the file types they abuse in an effort to find more effective ways to distribute malware.
read more
Researchers Report Vulnerability in Microsoft Word Online Video Feature
Researchers at Automated Breach and Attack Simulation solution provider Cymulate have reportedly found a vulnerability in Microsoft Word’s online video feature that allows threat actors to replace legitimate YouTube iframe code with malicious HTML/JavaScript code.
read more
New RTF-Based Campaign Distributing Agent Tesla and Loki Trojans
A new RTF-based campaign has been discovered by researchers at Cisco Talos that is distributing two different sophisticated information stealing trojans: ‘Agent Tesla’ and ‘Loki’, that has slipped under the radar of common anti-virus solutions. Learn more…
read more
Surge in PowerShell Malware Infections from Phishing Campaign
Last week Secrutiny Analysts investigated suspicious emails sent to multiple employees within an organisation. The phishing emails could easily have been mistaken for genuine emails since it included the correct name and details of the victims. However, upon closer inspection, the emails were found to not be targeted at the organisation but part of an ongoing campaign using PowerShell. Learn more…
read more