Apache Struts - Remote Code Execution - CVE-2017-5638

Chris Wallis 9 Mar 2017

On March 7th a critical vulnerability was announced in the Apache Struts framework, a popular web development toolkit that is commonly used in internet-facing systems.The vulnerability (tracked as CVE-2017-5638) was particularly...

Intruder Vulnerability Bulletin - PHPMailer Code Execution Vulnerability

David Robinson 27 Dec 2016

A vulnerability in the PHPMailer library was recently discovered, which affects versions of the software before 5.2.18. If successfully exploited, this weakness allow a remote attacker to compromise the affected system by executing arbitrary...

Intruder Vulnerability Bulletin - Dirty COW Privilege Escalation

David Robinson 21 Oct 2016

You may have heard of a new Linux vulnerability named "Dirty COW" in the news today. This vulnerability affects most versions of the Linux operating system, and...

What's the point in phishing assessments?

Chris Wallis 29 Jul 2016

As news is released that PhishMe made £45 million last year, it's clear that phishing assessments have become very popular....

Badlock Vulnerability - Pre-Release Analysis

David Robinson 11 Apr 2016

It seems that merely releasing a vulnerability with a cool logo and marketing budget isn't enough these days. Like the movie studio behind a blockbuster film, the authors of the Badlock vulnerability have decided to go all out and start their marketing in advance...

OWASP Top 10 Considered Harmful

Chris Wallis 21 May 2015

The OWASP Top 10 is frequently used in application security circles as the go-to reference for "best practice". However, while the Top 10 approach may once have...

200,000 websites still affected by three year old security weakness (Heartbleed)

Chris Wallis 24 Jan 2017

The Heartbleed vulnerability, renowned for allowing hackers anywhere on the internet to access encrypted communication between websites and their users, has been discovered to still be present on nearly 200,000 websites, more than three years after it was originally discovered. A...

Memcached Code Execution Vulnerabilities - Intruder Vulnerability Bulletin

David Robinson 2 Nov 2016

A number of new vulnerabilities in Memcached were recently discovered, which affect versions of the software before 1.4.33. If successfully exploited, these weaknesses allow a remote attacker to compromise the...

Intruder Vulnerability Bulletin - Cisco IKE Vulnerability (BENIGNCERTAIN)

David Robinson 20 Sep 2016

Leaked from the NSA's toolkit of private exploits, this recently disclosed Heartbleed-esque vulnerability can allow an attacker anywhere on the internet to extract sensitive information such as private keys from an affected device. This...

I’m a startup, what should I do about security?

Chris Wallis 20 Jun 2016

Being a startup is difficult. You don't have the budget to do everything like a big corporate, but if you don't appear to be doing things properly, no one will buy from you. This is especially true when it...

DROWN Vulnerability - More Like A Doggy Paddle

David Robinson 4 Mar 2016

You may have heard of the new DROWN vulnerability as it's been in the news a fair bit over the past couple of days. We're glad to say, we've already checked our customers' systems, but, even if you're not...

VENOM Explained

David Robinson 15 May 2015

Over the last few days there's been a lot of hype surrounding the recently released (and patched) VENOM vulnerability. This post hopes to address this hype and provide an insight into the real...

Intruder Vulnerability Bulletin - PHPMailer, SwiftMailer & ZendFramework Code Execution Vulnerabilities

David Robinson 3 Jan 2017

A number of vulnerabilities were recently discovered, which affect email sending functionality in the following software libraries: PHPMailer < 5.2.20SwiftMailer < 5.4.5-DEVZendFramework Mail <...

The battle for IoT Security has already been lost

Chris Wallis 21 Oct 2016

A few weeks ago, the website of popular cyber security journalist Brian Krebs was taken offline by a previously undiscovered botnet, now known as the Mirai botnet. The attack was interesting...

Intruder Vulnerability Bulletin - MySQL Privilege Escalation Vulnerabilities

David Robinson 13 Sep 2016

You may have heard of two new MySQL vulnerabilities in the news over the past couple of days (CVE-2016-6662 & CVE-2016-6663). CVE-2016-6662 This vulnerability...

Days of Cyber: What’s an SME to do? (Threat Landscape)

Chris Wallis 6 May 2016

This will be the first in a series of blog posts exploring the world of cyber security, with a specific view on how it applies to SMEs; and what they can do to survive in a complex world of threat...

Why Encryption Is Not The Answer

Chris Wallis 25 Oct 2015

Over the last few days I've heard a lot of questions in the media asking why TalkTalk didn't have their customer data encrypted.  While it's easy to understand why people might ask the question, it's slightly harder to...

intruder logo

Intruder proactively identifies weaknesses in your internet-facing systems that hackers could exploit, and helps you remediate the issues before you get breached.

Intruder is simple to use, easy to understand and performs regular assessments to provide ongoing defence against hackers on the internet.

Try it for free today: