It’s now over a month since the news of the critical vulnerability for Exchange (CVE-2019-0586) was circulated. As NIST NVD notes, “a remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka Microsoft Exchange Memory Corruption Vulnerability.” [1] This affects Microsoft Exchange Server and is… Read More »
I’ve just returned from an enjoyable week in the City (Moorgate, to be precise) attending the CISSP ADC run by IT Governance Ltd. CISSP is a certification that I first thought about back in 2008, so returning to this is long-overdue. As an academic I’ve developed course elements that align closely to CISSP, so have… Read More »
When users are (hopefully) assessing phishing emails, they typically look for a few tell-tale signs that the email is not legitimate. At least, that’s what we hope 🙂 Many users focus on the URL provided in a phishing email, usually by hovering their mouse pointer over the link to reveal the true destination. Good comprehensive… Read More »
Intel have written up an interesting blog post on the IE scripting flaw, that was identified in January and for which Microsoft issued an OOB patch. This vulnerability can either be triggered through malicious scripting, or an attack mounted against WPAD. The vulnerability is a form of use-after-free defect that can be exploited by remote… Read More »
The UK government launched the cyber skills strategy consultation in December 2018, seeking views on the proposals. The proposal focuses on the cyber security capability gap, the workforce, having expertise in organisations to manage cyber security, and promoting individual understanding of personal data value and cyber hygiene. The stated mission of the proposals is “to… Read More »