Microsoft Word Remote Code Execution Vulnerability (CVE-2023-21716)
On the 14th February 2023, Microsoft released a security advisory detailing CVE-2023-21716 – a Remote Code Execution (RCE) vulnerability affecting a variety of Office, SharePoint, and 365 Application versions. The vulnerability has been assigned a CVSSv3.1 score of 9.8 (CRITICAL), given the ease of exploitability and minimal victim interaction required. Given that there is now PoC […]
How to Protect the Business Against a Data Breach/Ransomware
Threats to the business can come in various forms but by far the most common and significant is a data breach. Usually leveraged via a successful phishing or spear phishing attack, this then results in either sensitive information (such as a username and/or password) being disclosed or a compromise of target endpoints such as laptops or mobile […]
CVE-2022-34001 – XML External Entity (XXE) in Unit 4 ERP 7.9 (Also Known As “Agresso”)
Prism Infosec Identified an XXE vulnerability within Unit4’s Enterprise Resource Planning (ERP) software. This has been assigned CVE-2022-34001. Unit4’s ERP software is a well-known enterprise management suite, which includes financial and project management tools. Prism Infosec discovered a blind XXE within a specific function of the ERP software. This would allow an authenticated attacker to […]
What is the PSTI and will it improve IoT security?
By Phil Robinson The new Product Security and Telecommunications Infrastructure (PSTI) Bill currently going through parliament comprises two parts. The first aims to put in place safeguards to regulate the secure design of the Internet of Things (IoT) while the second will ensure broadband and 5G networks are gigabit-grade. It’s the first part that has caused a […]
Prism Infosec Exhibiting at the NCSC’s Flagship Event CYBERUK22
Prism Infosec is delighted to announce that it will be exhibiting at the NCSC’s CYBERUK 2022 conference, in Newport on the 11th and 12th of May 2022 on stand A29. For more information on the conference see the NCSC website and agenda. Do come and visit our stand for a chat and to learn more […]
Let’s Go Phishing
Prism Infosec’s security consultant Kian J, provides a detailed account of a successful simulated phishing attack
ICO data reveals sharp rise in attacks
Recent data from the Information Commissioner’s Office (ICO) Data Security Trends Analysis Q1 2021-22 (capturing incidents for the period 1 April – 30 June 2021) reveal there’s been a sharp rise in specific cyber attacks as attackers seek to capitalise on the disruption caused by the pandemic and working from home (WFH). The biggest leap […]
Threats and priorities for 2022
Phil Robinson, December 23rd 2021 Many businesses will still be grappling with the seismic shifts of the pandemic as they eye 2022. The rush to roll-out systems to support home working and to activate virtual versions of real-world business channels saw unprecedented digital transformation equivalent to years achieved in just a few months. But this […]
Apache ‘Log4Shell’ Log4j (version 2) vulnerability (CVE-2021-44228)
Our teams are actively responding to the Log4Shell (or LogJam) 0-day threat which has been reported in the Apache Log4j 2 Java library and has been awarded a severity rating of 10 out of 10 by NIST. We are alerting customers to systems and services that may potentially be impacted and assisting with the investigation and remediation of any […]
Alexis V elected to CREST-EU Council
We’re proud to announce that Alexis V, Senior Security Consultant at Prism Infosec, has been elected to the newly formed CREST-EU Council. CREST, an international not-for-profit accreditation and certification body that represents and supports the technical information security market, announced its intention to form the Council and an EU Chapter at the end of October. Due to meet in the […]