22-May-18 - Got a Draytek router? Best check out this advisory from DrayTech asap... read more here.
01-May-18 - NHS signs deal with MS for Windows 10 roll out... read more here.
23-Apr-18 - High rated vulnerability in SAML SSO affecting Cisco ASA, AnyConnect Secure Mobility Client for Desktop Platforms and Cisco Firepower Threat Defense (FTD) Software. Patch now, read more here.
19-Apr-18 - insights.london.nhs.uk defaced. Its written in Joomla and has no HTTPS on logins. No surprise it had issues really then! Read more here.
19-Apr-18 - Webex has critical rated remote code execution involving Flash files, CVE-2018-0112, cisco-sa-20180418-wbs. Patch quickly and read more here.
13-Apr-18 - Using Outlook? Patch to ensure crafted RTF emails dont give threat actors your hashed password. Read more here.
09-Apr-18 - Good times, WMAS ISAS achieves IASME Gold, Certificate Number: A15-000449.
05-Apr-18 - Yet another remote code execution vulnerability in Microsoft Windows Defender! Read more here.
27-Mar-18 - TLSv1.3 gets approval, simpler, quicker and more secure.. or so they say. Read more here.
20-Mar-18 - UK National Lottery subjected to cred stuffing attack, not rocket science but apparently they got access to over 150 accounts. read more here.
12-Mar-18 - Shock horror, only about half paying ransomware fees get their files back... criminals apparently not trustworthy! Read more here.
28-Feb-18 - SSO SAML modification without invalidating cryptographic sigs?! Multiple SAML libraries may allow authentication bypass affecting SSOs, read more here.
12-Feb-18 - Use of third party code causes website visitor device enrollment in crypto-mining... we have been highlighting inclusion of sich code in sites for ages. Read more here.
08-Feb-18 - Apple iBoot for IOS 9 leaked and quickly taken down. Could allow identification of vulnerabilities... read more here.
08-Feb-18 - NCSC release Phishing guidance and advice, probably common knowledge to many but nice to have it documented. Access it here.
06-Feb-18 - Still using Flash? Really?? New exploit doing the rounds in 188.8.131.52 and earlier. Read more here.
30-Jan-18 - New ActiveDirectory shadow Domain Controller exploit details published, these guys are very, very clever! Read more here.
30-Jan-18 - Cisco ISA, ASA, Firepower hit with 10 out of 10 CVSS exploit re VPN functionality, get patched! Read more here from Cisco.
29-Jan-18 - Microsoft issues out of band patch to unpatch Intel Spectre 2 (CVE 2017-5715) patch, it really was that bad?! Read more here.
29-Jan-18 - Got a Lenovo ThinkPad, ThinkCentre or ThinkStation? Multiple vulnerabilities in the fingerprint reader including a hard coded password! Read more here.
24-Jan-18 - WMAS ISAS team quoted in Digital Health article on Norwegian health records breach... read more here.
17-Jan-18 - For once crime doesnt pay. Canadian LeakedSource sold access to 3 billion breach records, owner in court. Read more here.
16-Jan-18 - Carphone Warehouse fined £400,000 by UK ICO following compromise of computer systems back in 2015. Read more here.
09-Jan-18 - Meltdown and Spectre fixes but reportedly affects performance and stops some software and solutions. Read here for further info.
04-Jan-18 - Huge "Meltdown" vulnerability in Intel chips allows unauthorised remote access to secure memory locations (inc keys, pwds etc)... read more here. Think about impact on devices but also shared and cloud hosting :(
02-Jan-18 - Mozilla bug caused crash reports to be sent home no matter what you told it! Read more here.
20-Dec-17 - Love biometrics? Windows 10 face recognition beaten by simple photos. Read more here.
12-Dec-17 - Archive of 1.4 BILLION user names and passwords found in clear text on the dark web! Read more here.
11-Dec-17 - Microsoft accidentally leaks TLS certificate and private key via Dynamics 365, takes 100 days to fix! read more here.
05-Dec-17 - Presenting a "live hack" at Public Cyber Security 2017 in 2 days time, read more here.
01-Dec-17 - Apple blank password root login is fixed, read more here.
22-Nov-17 - Uber hacked, leaked 53 million records - kept quiet and paid off hackers to "delete" data! Incredible. Read more here.
17-Oct-17 - WPA2 re-use of nonce breaks encryption, patch clients and infrastructure asap. Read more here.
27-Sep-17 - Update to iOS11, easy WiFi hack is out there, read more here.
27-Sep-17 - Deloitte email hack, is there more to it? Read more here.
13-Sep-17 - We are presenting a demo hack at Public Cyber Security 2017, come along and say hi... click here for details.
01-Sep-17 - Three new Asterisk vulnerabilities, one of which allows info disclosure - not what you want on your telecoms system! Read more here.
18-Jul-17 - Sharing data on the LAN can be slightly risky, sharing on the Cloud even riskier. Dow Jones accidentally leaks up to 4m user accounts! Read more here.
10-Jul-17 - The AA comes clean on personal data leaked via its website affecting 120k users. Hardly timely breach reporting (think GDPR!). Read more here.
28-Jun-17 - UK software development company fined £60k for missing basic Data Protection controls including lack of penetration testing. Read the ICO notice here.
21-Jun-17 - Critical Stack Clash priv escalation vulnerability identified in multiple *nix operating systems. Patch asap, read more here.
16-Jun-17 - Vault 7 details CIA Cherry Blossom framework that can compromise hundreds of WiFi devices, read more here.
12-Jun-17 - Critical Remote Code Execution Samba vulnerability being exploited in the wild... read more here.
19-May-17 - NHS cyber attack, inevitable in our opinion, luckily our clients were largely un-affected and those that were had been told they were below par. Official statement from NHS Digital here.
09-May-17 - Microsoft security software can be tricked into running and installing malware when its scanning for malware!! Patch quickly, read more here.
27-Apr-17 - Equation Group exploits plugged by Microsoft a month prior to ShadowBrokers release... coincidence?! The exploits are good fun on Win7, Win2K8 etc... read more here.
27-Apr-17 - GE power grid devices contain hardcoded pwd. Never design your own encryption or auth mechanisms! Read more here.
11-Apr-17 - Zero day Word bug being used in Dridex campaign... patch asap. Read more here.
10-Apr-17 - Wonga 270k customer related data breach... read more here.
27-Mar-17 - Dishwasher has directory traversal, serious but also quite amusing! Read more here.
15-Mar-17 - Patch Tuesday resolves multiple remote code execution bugs and escape from HyperV guest to host (ms17-008)! Patch quickly, read more here.
03-Mar-17 - Using WordPress NextGEN photo plugin? Upgrade to version 2.1.79 asap! Read more here.
01-Mar-17 - Private healthcare firm fined £200,000 for IVF data leak. Read more here.
24-Feb-17 - "Cloudflare have been leaking customer HTTPS sessions for months. Uber, 1Password, FitBit, OKCupid, etc"... read more here.
21-Feb-17 - JAVA and Python based XML processing can permit firewall bypasses (in certain situations), interesting. Read more here.
10-Jan-17 - Ransomware evolves to be a data breach, sensitive data exfiltration added to KillDisk... read more here.
23-Dec-16 - LV= former employee sentenced to 12 months for accepting bribe and releasing customer data... read more here.
15-Dec-16 - Using Joomla? Update, update, update.... NOW. Read more here.
15-Dec-16 - One Billion accounts compromised in Yahoo "mega-breach". Read more here.
06-Dec-16 - Four to five new malware samples every second? That's a lot! Read more here.
18-Nov-16 - Not controlling your end point USB ports? Worried? You should be! Worringly simple physical attack... read this
17-Nov-16 - Linux LUKS, press enter lots of times, get a root initramfs rescue shell for free! Read more here.
16-Nov-16 - NHS CareCert React available from 16th November 2016 on 0800 085 6653. Red more here.
16-Nov-16 - ISAS included in Sky News NHS cyber security news story... click here for more.
09-Nov-16 - Microsoft issues patch which addresses the "Google announced" zero-day. Patch quickly, read more here.
04-Nov-16 - MySQL (inc MariaDB and PerconaDB) vulnerabilities allow low priviledge local user to compromise hosting server! Get patching, read more here.
03-Nov-16 - Most systems now restored following Northern Lincolnshire and Goole NHS Foundation Trust virus infection... good news. Read more here.
01-Nov-16 - Northern Lincolnshire and Goole NHS Foundation Trust hit by virus, major incident declared, operations cancelled. Read more here.
21-Oct-16 - Dirty Cow is a nasty priv esc to root affecting almost all Linux based distros since 2007! Patch quickly, read more here.
17-Oct-16 - Be careful when "redacting PDF files"! US discloses PID of hacker being tried for illegally accessing & disclosing info! Read more here.
12-Oct-16 - Adobe patches 83 issues in Acrobat, Reader and Flash... 83! Read more here.
10-Oct-16 - Multiple Vulnerabilities in Animas OneTouch Ping Insulin Pump .Read more here.
08-Oct-16 - A big welcome to our 5 new NHS clients, all gained within one month!
26-Sep-16 - NHS Digital announces new CareCert services, Assure, Knowledge and React. Read more here.
23-Sep-16 - 500 MILLION! 500 million Yahoo accounts hacked including unencrypted security questions and answers. Read more here.
16-Sep-16 - Critical Cisco patches WebEx server and appliance for remote code execution vulnerability, read more here.
14-Sep-16 - US healthcare... laptop encrypted... check. Encryption password written down in laptop bag... check. Oh dear. Read more here.
13-Sep-16 - MySQL zero day allows compromise of MySQL and potentially hosting server! Read more here.
09-Sep-16 - NHS told to try harder re ransomware... luckily no ISAS clients have been hit hard to date! Read more here.
09-Sep-16 - WMAS ISAS contribute to cyber security article 'Locking Up' in Healthcare Finance magazine... read more here.
07-Sep-16 - 98 million plain text user names and passwords from 2012 Russian website hack posted online... Read more here.
02-Sep-16 - Ransomware and phishing survey shows lack of confidence amongst IT security pros. Read more here.
24-Aug-16 - Equation Group ports public ASA exploit for 8.2.(4) to newer devices - version 9.2(4). Read more here.
17-Aug-16 - WMAS ISAS to deliver a key presentation at the Cyber Security in Healthcare Show (CSIH), click here or more.
22-Jul-16 - France privacy watchdog declares Windows 10 is too much of a snoop, gives MS 3 months to act... read more here.
21-Jul-16 - Oracle quarterly patch fixes 276 problems over 84 of its products! Read more here.
15-Jul-16 - Microsoft wins case against data privacy reach of US Government... read more here.
06-Jul-16 - Malware going after old medical device OS vulns... read more here.
06-Jul-16 - Lenovo and HP laptops firmware vulnerability also on motherboards sold by Gigabyte. Read more here.
30-Jun-16 - How hackers avoid your AV... they / we dont use malware! Read more here.
15-Jun-16 - ZCrypt, ransomware that can spread like a virus... read more here.
10-Jun-16 - 32 million.. yes 32 million Twitter credentials up for sale!!! Read more here.
27-May-16 - Is UK based banking fraud protection going to be removed? It could be YOUR problem! Read more here.
19-May-16 - 2012 LinkedIn breach just got worse, number of affected users up to 177m from 6.5m! Read more here.
03-May-16 - ISAS to exhibit at the CyberUK in Practice 2016 event on 24th and 25th May under the TIAN brand, come and say hello! Read more here.
29-Apr-16 - Office 365 vulnerability enabled anyone to log in to business accounts! Read more here.
25-Apr-16 - "Healthcare makes easy pickings for hackers"... read more here.
14-Apr-16 - Badlock - Yes its bad but not as bad as it initially sounded! Read more about this privilege escalation vulnerability here.
31-Mar-16 - WMAS ISAS identifies significant zero-day vulnerability in nationally utilised website Content Management System. Further details to follow after vendor patching.
31-Mar-16 - Googles Project Zero names and shames 'ridiculous' Trend Micro bug, read more here.
29-Mar-16 - 1.5 million customer records of the computer security wing of Verizon up for sale! Read more here.
17-Mar-16 - Your HTTPS traffic can give a threat actor a very reliable fingerprint of your system! Read more here.
09-Mar-16 - US based cancer treatment center warns 2.2 million patients that health data and Social Security numbers stolen... Read more here.
02-Mar-16 - DROWN - OpenSSL vulnerability - update OpenSSL and for the last time please DISABLE SSLv2! Read more here.
22-Feb-16 - Did you download Linux Mint on February 20th 2016? Read this straight away if so, you might have a backdoored ISO! Read more here.
18-Feb-16 - Botnet serving Dridex now serving Locky ransomware, are you ready to deal with an infection? Read more here.
18-Feb-16 - California Hospital falls foul of ransom-ware, offline for 2 WEEKS. Read more here.
17-Feb-16 - Critical Linux vulnerability (CVE-2015-7547) affects all flavours of Linux and permits remote code execution!! Read more here.
16-Feb-16 - Moscow Hospital easy to hack finds Kaspersky... read more here.
15-Feb-16 - Sixteen year old east midlands boy arrested for hacking CIA Director personal accounts. Read more here.
08-Feb-16 - Oracle issues emergency patch for Java on Windows for vulnerability allowing complete compromise. Read more here.
03-Feb-16 - Safe Harbor replacement agreed, does it actually provide tangible improvements? Read more here.
01-Feb-16 - Lincolnshire council IT ransomware flingers reportedly asked for ... £350 not £1m! Read more here.
27-Jan-16 - Critical Firefox vulnerabilities fixed patched in Firefox 44 and Firefox Extended Release 38.6. Read more here.
23-Jan-16 - Deliberate backdoor removed From secure conferencing gear, read more here.
20-Jan-16 - CVE-2016-0728 Linux privilege escalation zero day vulnerability. Read more here.
19-Jan-16 - New EU General Data Protection Regulation looks set to arrive in 2018, larger fines for incidents and numerous other notable inclusions... Read more here
18-Jan-16 - "Wierd" SSH backdoor in Fortinet firewalls?? Read more here...
13-Jan-16 - Citrix hacked, could provide access to your network? Read more here...
11-Jan-16 - UK Information Commissioner repeats call for stronger sentences for data thieves. Read more...
11-Jan-16 - Turkish hacker gets 334 years in prison for bank related identity fraud, access device fraud, website forgery and wire fraud.
18-Dec-15 - Juniper unauthorized code found in ScreenOS, patch ASAP, read more.
18-Dec-15 - Maidstone council reports hundreds of residents personal details could potentially be viewed online.Read more.
16-Dec-15 - Massive FireEye vulnerability allows complete compromise via sending (not even reading!) of a single email, read more.
15-Dec-15 - IMPORTANT Zero day announced in Joomla 1.5 and above, update to 3.4.6 NOW. Read more.
14-Dec-15 - Anonymous has breached the subdomains of the European Space Agency website and leaked personal and login credentials for the lulz... read me.
10-Dec-15 - Is your antivirus the security weakness in your infrastructure? Worrying news about Kasperky, AVG and McAfee, read more.
08-Dec-15 - The Register reports 'Cambridge University Hospitals rated 'inadequate' due to £200m IT fail' Read more here
07-Dec-15 - vTech stolen passwords not stored securely... we would be shocked but this is all too common, read more.
04-Dec-15 - JD Weatherspoon hack affects approx 650k people however credit card data disclosure limited... read more
04-Dec-15 - Chinese government arrests hackers responsible for US Office of Personnel Management database hack . Read more.
04-Dec-15 - VTech Learning Lodge App Store cyber breach, affects over 7 million accounts - including child accounts and data. Click here for more info.
24-Nov-15 - Dell admits shipping XPS, Precision and Inspiron laptops and PCs with a web security hole. Read more here.
23-Nov-15 - Remember the insider threat, hospital Clerk in US fined $36k and given 2 years probation after selling thousands of maternity records. Read more here.
18-Nov-15 - A 15-year-old British boy has been charged over cyber-attacks on international websites and bomb hoaxes against US airlines, police have said. Read more here.
17-Nov-15 - UK assets including public sector resources and hospitals targets for major IS cyber attacks says GCHQ. Read more here.
14-Nov-15 - Cincinnati Hospital Allegedly Posts A Woman’s Syphilis Diagnosis And Personal Info On Facebook... click here for more.
14-Nov-15 - BitLocker encryption can be defeated with trivial Windows authentication bypass... click here for more.
13-Nov-15 - The WMAS ISAS team is pleased to announce it has a new national level NHS client. This demonstrates the trust that fellow health sector organisations have in our service.
13-Nov-15 - ISAS team identify critical vulnerability within nationally utilised HR related system, vendor has subsequently patched and deployed update.
01-Nov-15 - HSCIC launches CareCert to offer advice and guidance to support health and social care organisations... Click here for more.
21-Oct-15 - Lead by the ISAS Team WMAS obtains Trust wide Cyber Essentials accreditation - read more about Cyber Essentials here.
10-Sep-15 - ISAS team identifies critical SQL Injection vulnerability in nationally utilised Content Management System. Supplier has subsequently produced and deployed a patch.