What is a penetration test?

Lars Greiwe 4 Aug 2017

This is the first article in a series explaining the different types of penetration testing - or “pen tests” for short. Because while many people might know they need a pen test, the term “pen test” can actually...

Apache Struts - Remote Code Execution - CVE-2017-5638

Chris Wallis 9 Mar 2017

On March 7th a critical vulnerability was announced in the Apache Struts framework, a popular web...

Intruder Vulnerability Bulletin - PHPMailer Code Execution Vulnerability

David Robinson 27 Dec 2016

A vulnerability in the PHPMailer library was recently discovered, which affects versions of the software before 5.2.18. If successfully exploited, this weakness allow a remote attacker to compromise the affected system by executing arbitrary commands. It's worth...

The battle for IoT Security has already been lost

Chris Wallis 21 Oct 2016

A few weeks ago, the website of popular cyber security journalist Brian Krebs was taken offline by a previously undiscovered botnet, now known as the Mirai botnet. The attack was interesting for a number of reasons. First of all, it was at the time the largest DDoS...

What's the point in phishing assessments?

Chris Wallis 29 Jul 2016

As news is released that PhishMe made £45 million last year, it's clear that phishing assessments have become very...

Badlock Vulnerability - Pre-Release Analysis

David Robinson 11 Apr 2016

It seems that merely releasing a vulnerability with a cool logo and marketing budget isn't enough these days. Like the movie studio behind a blockbuster film, the authors of the Badlock vulnerability have decided to go all out and start their marketing in advance of their...

OWASP Top 10 Considered Harmful

Chris Wallis 21 May 2015

The OWASP Top 10 is frequently used in application security circles as the go-to reference for "best practice". However, while the Top 10 approach may once have been a great way...

Petya or NotPetya, Why is MS17-010 Still Not Patched?

Dan Andrew 30 Jun 2017

Petya or NotPetya - How long should it take to patch against a globally recognised exploit, and why are attackers still able to use MS17-010?Whether you prefer to call the...

200,000 websites still affected by three year old security weakness (Heartbleed)

Chris Wallis 24 Jan 2017

The Heartbleed vulnerability, renowned for allowing hackers anywhere on the internet to access encrypted communication between...

Memcached Code Execution Vulnerabilities - Intruder Vulnerability Bulletin

David Robinson 2 Nov 2016

A number of new vulnerabilities in Memcached were recently discovered, which affect versions of the software before 1.4.33. If successfully exploited, these weaknesses allow a remote attacker to compromise the affected system by executing arbitrary...

Intruder Vulnerability Bulletin - Cisco IKE Vulnerability (BENIGNCERTAIN)

David Robinson 20 Sep 2016

Leaked from the NSA's toolkit of private exploits, this recently disclosed Heartbleed-esque vulnerability can allow an attacker anywhere on the internet to extract sensitive information such as private keys from an affected device. This could...

I’m a startup, what should I do about security?

Chris Wallis 20 Jun 2016

Being a startup is difficult. You don't have the budget to do everything like a big corporate, but if you don't appear to be doing things properly, no one will buy from you. This is especially true when it comes to security. Doing...

DROWN Vulnerability - More Like A Doggy Paddle

David Robinson 4 Mar 2016

You may have heard of the new DROWN vulnerability as it's been in the news a fair bit over the past couple of days. We're glad to say,...

VENOM Explained

David Robinson 15 May 2015

Over the last few days there's been a lot of hype surrounding the recently released (and patched) VENOM vulnerability. This...

Team Xball – DDoS Extortion Hoax

Dan Andrew 15 Jun 2017

"We are the Team Xball and we have chosen your website/network as target for our next DDoS attack." Is this the work of an expert hacking group or...

Intruder Vulnerability Bulletin - PHPMailer, SwiftMailer & ZendFramework Code Execution Vulnerabilities

David Robinson 3 Jan 2017

A number of vulnerabilities were recently discovered, which affect email sending functionality in the following software libraries: PHPMailer < 5.2.20SwiftMailer < 5.4.5-DEVZendFramework Mail < 2.4.11 (inc. zend-mail < 2.4.11 & < 2.7.2)If...

Intruder Vulnerability Bulletin - Dirty COW Privilege Escalation

David Robinson 21 Oct 2016

You may have heard of a new Linux vulnerability named "Dirty COW" in the news today. This vulnerability affects most versions of the Linux operating system, and if successfully...

Intruder Vulnerability Bulletin - MySQL Privilege Escalation Vulnerabilities

David Robinson 13 Sep 2016

You may have heard of two new MySQL vulnerabilities in the news over the past couple of days (CVE-2016-6662 & CVE-2016-6663). CVE-2016-6662 This vulnerability affects MySQL (versions < 5.7.15, < 5.6.33, <...

Days of Cyber: What’s an SME to do? (Threat Landscape)

Chris Wallis 6 May 2016

This will be the first in a series of blog posts exploring the world of cyber security, with a specific view on how it applies to SMEs; and what they can do to survive in a complex world of threat actors, zero-day exploits, and a...

Why Encryption Is Not The Answer

Chris Wallis 25 Oct 2015

Over the last few days I've heard a lot of questions in the media asking why TalkTalk didn't have their customer data encrypted.  While it's easy to understand why people might...

intruder logo

Intruder proactively identifies weaknesses in your internet-facing systems that hackers could exploit, and helps you remediate the issues before you get breached.

Intruder is simple to use, easy to understand and performs regular assessments to provide ongoing defence against hackers on the internet.

Try it for free today: