Threats Microsoft DNS patching – Microsoft released a patch for DNS this month. Reported internally, however may allow remote code execution and should be applied to all Microsoft DNS servers. (MS15-127). Soon after release traffic to port 53 increased on the internet suggesting there may be an exploit available. If you have external facing Microsoft […]
Shearwater is a specialist information security services provider. We address four of the key information security challenges confronting organisations today, the challenges of securing applications; managing security operations; maintaining compliance, and improving awareness and security education across the board. We provide a combination of integrated services and capabilities delivered through our highly experienced information security and risk professionals.
Entries by Shearwater
By Heather Robins Sometimes, coming to grips with your company’s need to be compliant with the Payment Card Industry Data Security Standards (PCI DSS) feels a bit more like going through the Five Stages of Grief than tackling a standard issue business problem. I’ve been in the Information Security industry for a little over 5 […]
By Mark Hofman, Terry Darling, and Simon Treadaway 1- MS15-034 – HTTP.sys Advisory (CVE CVE-2015-1635) Microsoft earlier this week released a patch for both servers and workstations, MS15-034. This patch addresses an issue in the file http.sys. The http.sys file is used by the operating system to accept and process HTTP and HTTPS requests. At […]
By Terry Dolbey and Matt Stiles 1- Background on GHOST Vulnerability CVE-2015-0235 GNU C Library (glibc) is the implementation of the C library used by the GNU project. This library provides the core functionality to Unix and Linux (Nix) based Operating Systems and access to common functions used by applications installed on the Operating Systems. […]
Background on CVE-2014-0160 (Heartbleed) Secure Sockets Layer (SSL), and Transport Layer Security (TLS) are cryptographic protocols that are used to provide secure communications between a client and a server, and is most often used to encrypt HTTP traffic. SSL and TLS can also be used to secure other communications protocols including those used by email […]
[NOTE: All information was gathered from public websites] Discovering information leakage in files and why it’s important? During the build-up to our recent product launch of “phriendlyphishing.com”, Shearwater Ethical Hacking team (SEH) conducted hefty amounts of research into phishing attacks, and how they are being used to compromise countless individuals, corporations and governments every day. […]