Takeaways from the Ticketmaster and Harvey Norman data breaches
Risk is an inescapable part of life, but many companies continue to believe it doesn’t apply to them.
In 2024, the landscape of ransomware attacks will continue to evolve, drawing from past trends while adapting to new defences and technologies.
Learn about seven of the most popular cyber security frameworks being used by businesses around the world.
Posts about:
Risk is an inescapable part of life, but many companies continue to believe it doesn’t apply to them.
Hacking-as-a-Service: Crimeware emerging as a pay-to-play threat
Last Updated: 08/01/2018 10.00
Last updated: 31/10/2017 11:00
The global WannaCry Ransomware pandemic is still making headline news and has been well covered by news and tech media outlets. The security teams at Integrity360 have been following analysis & updates closely, from both our industry partners and the wider security community, and working with our customers around the clock to improve their security posture and close any avenues of attack in light of WannaCry.
This update provides a summary of the pertinent details, new developments, our short term expectations and the current recommendations.
Please note that we have issued an updated advisory. (15/05/2017)
A vulnerability has been discovered in Windows 2003 Servers running IIS (Internet Information Services) 6.0. The exploit code takes advantage of a function within the WebDav service, allowing remote attackers to execute arbitrary code. Microsoft declared Windows Server 2003 end of life as of July 14, 2015, meaning no security patches will be released for the operating system.
Critical vulnerability discovered in Magento eCommerce software. Has been given a 9.8/10 in terms of severity due to unauthenticated remote code execution. CVE assigned is CVE-2016-4010.
DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.
Cisco released a patch for a critical security vulnerability affecting its Internet Key Exchange version 1 (IKEv1) and version 2 (IKEv2) of ASA software, the operating system that runs the company's Adaptive Security Appliance security devices. The flaw allows attackers to remotely execute code or reload affected systems and take over Adaptive Security Appliance (ASA) firewalls.
Integrity360 has today released the following advisory in relation to a recent upsurge in DDoS attacks. We’d like to encourage our clients to review this advisory and action as required.
The recent issue that was disclosed publicly was resolved and a patch was made available in July 2014 as part of Fortinet's commitment to ensuring the quality and integrity of their codebase. This was not a “backdoor” vulnerability issue but rather a management authentication issue. The issue was identified by Fortinet's Product Security team as part of their regular review and testing efforts.
Dublin, Ireland
+353 01 293 4027
London, United Kingdom
+44 20 3397 3414
Sofia, Bulgaria
+359 2 491 0110
Stockholm, Sweden
+46 8 514 832 00
Madrid, Spain
+34 910 767 092
Kyiv, Ukraine
+38 0 504 701 125
Naples, Italy
Vilnius, Lithuania
Cape Town, South Africa
+27 21 100 3774