Common Vulnerabilities and Exposures – October 2022

Critical Zoho ManageEngine RCE Vulnerability: On the 22nd September 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting Zoho ManageEngine products to their Known Exploited Vulnerabilities catalog. This vulnerability has a CVSS score of 9.8 and exploits a Java deserialisation vulnerability that allows an unauthenticated […]

Hacks – October 2022

September saw a significant number of cyber breaches with Uber, Rockstar Games and Optus all impacted within a week. The attack methods observed in these breaches were MFA fatigue attacks and a vulnerable public API in the case of the Optus breach. MFA fatigue attacks are becoming a more frequently used MFA bypass technique, where […]

Partner News – Check Point Harmony Offer

Email Security: It’s hard to believe – but most organisations are still seeing unwanted, potentially malicious emails in their inboxes. The reasons for this are many and varied, but in summary, they come down to three main challenges: 1. Attackers do what works. Threat actors are investing significant time and resources to improve the […]

Hacks – May 2022 – Follina Zero Day Vulnerability

Tips and Tricks to mitigate and prevent “Follina”: Turn off the preview pane in File Explorer and Microsoft Outlook. File Explorer – go to the View menu tab; if preview pane is highlighted, click it to disable. Microsoft Outlook – File > Options > Trust Center > Trust Center Settings, and then select Attachment Handling. Click Turn off Attachment Preview. Always verify […]

Common Vulnerabilities and Exposures May 2022 – Follina Zero Day Vulnerability

A new zero-day vulnerability affecting Office applications, dubbed “Follina”, has been discovered in the past few days. This vulnerability functions as a “zero click” remote code execution, where the exploit can be executed without actually needing to open the file. Follina works by exploiting the Microsoft Diagnostic Tool (msdt), which runs even when macros have […]

Polkit Vulnerability CVE-2021-4034 (Local privilege escalation vulnerability)

On Tuesday (25 January 2022), Qualys announced a local privilege escalation vulnerability (CVE-2021-4034) affecting several distributions of Linux such as Fedora, Debian, Ubuntu, CentOS and more. The disclosed vulnerability exploits Polkit, an open-source application that negotiates the interaction between privileged and unprivileged users. This vulnerability is both simple and universal. This vulnerability is of “Important” severity […]

Hacks – Keep your Operating System safe

TIPS TO KEEP YOUR OPERATING SYSTEM SAFE: Apple and Microsoft take great care in providing a safe and secure operating system for you to use in everyday life. There are several things you can do to keep everything working correctly and to make sure you stay safe. Also, your IT Team are there to support […]

Common Vulnerabilities and Exposures

CVE-2022-24460 – Tablet Windows User Interface Application Elevation of Privilege Vulnerability. Released: 8/3/2022. Severity: High. Description: An exploit was discovered in Microsoft Windows 10, 11, Server 2016 and Server 2022 that allows an authenticated user to escalate their privilege to a system administrator. The vulnerability is in tablet mode for Windows, requiring a complex […]

Standard Operating Environment (SOE) traps to avoid

Deviations from the norm – Standard Operating Environment (SOE) traps to avoid: In the numerous security assessment audits and incident response activities that the Brace168 team have conducted over the years, we have learnt that what seem like minor, negligible deviations from the norm are typically the things that can bring an organisation’s cyber […]

Check Point Harmony Authentication

As we continue to work remotely and consume key business resources as services – the shared responsibility model for these externalised services demands strong and intelligent authentication. The traditional ‘function: security’ spectrum has always tended to be less user friendly, requiring users to present credentials and knowledge, as well as responding to various challenges and […]