DTX Manchester DTX Manchester

Cyber Crime

An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA, BleepingComputer reported today. Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project.Security researcher Jackson Henry of the Sakura Samurai ethical hacking group had first discovered and reported the vulnerability to Apache in early October, 2020. Although the project had acknowledged Henry's report and issued...

Read more
Data Breach image

To lean on the cliché, these unprecedented times have brought about significant challenges for everyone. Practically every organisation, person and industry has been forced to make unexpected changes and significant sacrifices in a variety of different forms. The rush to equip organisations and employees with the tools needed to work from home has greatly exacerbated the already underlying condition of poor cybersecurity hygiene. While businesses and individuals were focused on staying safe and operational, cybercriminals...

Read more
Credit card shopping online

Research has revealed that the likes of Costco, Walmart and The Home Depot are more at risk to web-based cyberattacks then compared to their EU counterparts, according to findings from Outpost24. In a year that saw a global pandemic leading to a 30% surge in online shopping and exponential growth in cybersecurity threats for enterprises, Outpost24 analysed the web application attack surface for 20 of the biggest retailers in Europe and the US to evaluate...

Read more
USA Flag

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services. Earlier this month, exploit code for this vulnerability was publicly released. Given the nature of the exploit and documented adversary behaviour, CISA assumes active exploitation of this vulnerability is occurring in the wild. ED...

Read more