Insights

Even the world’s most unskilled and inexperienced criminals know it’s always better to sneak in the back door of a shop instead of breaking down the one in the front.

If you laid the source code of all the malware strains in the world together, it would probably wrap around the world a few times over.

There’s been some big headlines in the news about data breaches over the last few years. An attack on Equifax exposed the sensitive information of 143 million U.S. citizens; Yahoo! saw hackers compromise 3 billion accounts.

Hacking-as-a-Service: Crimeware emerging as a pay-to-play threat 

Last Updated: 08/01/2018 10.00

Last updated: 31/10/2017 11:00

The global WannaCry Ransomware pandemic is still making headline news and has been well covered by news and tech media outlets. The security teams at Integrity360 have been following analysis & updates closely, from both our industry partners and the wider security community, and working with our customers around the clock to improve their security posture and close any avenues of attack in light of WannaCry.

This update provides a summary of the pertinent details, new developments, our short term expectations and the current recommendations.

Please note that we have issued an updated advisory. (15/05/2017)

A vulnerability has been discovered in Windows 2003 Servers running IIS (Internet Information Services) 6.0. The exploit code takes advantage of a function within the WebDav service, allowing remote attackers to execute arbitrary code. Microsoft declared Windows Server 2003 end of life as of July 14, 2015, meaning no security patches will be released for the operating system.

Critical vulnerability discovered in Magento eCommerce software. Has been given a 9.8/10 in terms of severity due to unauthenticated remote code execution. CVE assigned is CVE-2016-4010.