
Python Multiple Thread Vulnerabilities

CVE Number – CVE-2018-1000030

Multiple vulnerabilities in Python could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.

The vulnerabilities are due to improper memory operations that are performed by the affected software. An attacker could exploit these vulnerabilities by causing a race condition on a targeted system. A successful exploit could allow the attacker to execute arbitrary code or cause a DoS condition on the targeted system. has confirmed the vulnerabilities and released software updates.

  • To exploit these vulnerabilities, the attacker may need access to trusted or internal networks to submit crafted source code to the targeted system. This access requirement could reduce the likelihood of a successful exploit.
  • Administrators are advised to apply the appropriate updates.
  • Administrators are advised to restrict system access to trusted users.
  • Administrators are advised to monitor affected systems.

Vendor Announcements
  • has released a bug report at the following link: Issue 31530
Fixed Software

Bye Bye AIM (AOL Instant Messenger)

If you were a 90’s kid, chances are there was a point in time when AOL Instant Messenger (AIM) was a huge part of your life. You likely remember the CD, your first screenname, your carefully curated away messages, and how you organized your buddy lists. Right now you might be reminiscing about how you had to compete for time on the home computer in order to chat with friends outside of school. You might also remember how characters throughout pop culture from “You’ve Got Mail” to “Sex and the City” used AIM to help navigate their relationships. In the late 1990’s, the world had never seen anything like it. And it captivated all of us.

It tapped into new digital technologies and ignited a cultural shift, but the way in which we communicate with each other has profoundly changed. As a result AOL have made the decision that we will be discontinuing AIM effective December 15, 2017.

AOL Instant Messenger was initially integrated into AOL Desktop and later also released as a stand-alone download by America Online (AOL) in May 1997 for Microsoft Windows.

We used to use AIM years ago. Can you guess our screenname? Yes, it was systemtek.


ElasticSearch POS Malware

During August 2017, it was discovered that a number of ElasticSearch servers had been hijacked to host Point of Sale (PoS) malware. 99% of servers infected are hosted in Amazon Web Services (AWS).

Two strains of malware have been detected on the servers, AlinaPOS and JackPOS. These two malware strains are very popular among attackers and have been in the wild since 2012.

AlinaPOS is used to scrape credit card data from Point of Sale (PoS) software. JackPOS is another PoS malware, which gathers credit card information. It then uses command-and-control (C2) to exfiltrate the stolen credit card data. JackPOS also uses its C2 to remove itself or download and install an updated copy of itself.

Over 16,000 ElasticSearch servers have been discovered which were configured with no authentication. Each infected ElasticSearch server became a part of a larger PoS botnet.

Affected Platforms:



  • Secure configuration of servers should be implemented, ensuring a strong password is used.
  • Regularly monitor log files, connections and traffic to open ports and close all ports that are not used.
  • Reimage all compromised systems.
  • Users should consider the Security Logstash product included in the X-pack add-on. Security allows users to add authentication, authorisation and encryption to the ElasticSearch system.
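
The misconfiguration described above (a node reachable from the network with no authentication) can be checked for in `elasticsearch.yml` before a server is deployed. The following is an added example, not code from the original post or from Elastic; the sample configurations are constructed, and treating a missing `xpack.security.enabled` setting as "not enabled" is an assumption of this audit.

```python
import ipaddress

# Constructed sample configs (not taken from any real server).
WEAK = """\
cluster.name: pos-logs
network.host: 0.0.0.0
http.port: 9200
"""
HARDENED = """\
cluster.name: pos-logs
network:
  host: 10.0.4.12   # private interface only
xpack:
  security:
    enabled: true
    http:
      ssl:
        enabled: true
"""

def flatten_settings(text):
    """Flatten elasticsearch.yml (dotted keys or nested maps) to {dotted_key: value}.
    Minimal scalar-only parser for this audit, not a full YAML implementation."""
    settings, stack = {}, []                 # stack entries: (indent, key)
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()   # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        dotted = ".".join([k for _, k in stack] + [key.strip()])
        value = value.strip().strip("'\"")
        if value:
            settings[dotted] = value
        else:
            stack.append((indent, key.strip()))
    return settings

def is_loopback(host):
    if host in ("localhost", "_local_"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False    # _site_, _global_, hostnames: assume network-reachable

def bind_hosts(settings):
    # http.host overrides network.host for the REST API; unset means loopback only.
    value = settings.get("http.host", settings.get("network.host", "_local_"))
    return [h.strip().strip("'\"") for h in value.strip("[]").split(",")]

def audit(text):
    """Return findings for the 'reachable but unauthenticated' condition."""
    s = flatten_settings(text)
    findings = []
    exposed = [h for h in bind_hosts(s) if not is_loopback(h)]
    # Assumption: a missing xpack.security.enabled is treated as "not enabled".
    auth_on = s.get("xpack.security.enabled", "").lower() == "true"
    if exposed and not auth_on:
        findings.append("REST API bound to %s without xpack.security.enabled: true"
                        % ", ".join(exposed))
    if auth_on and s.get("xpack.security.http.ssl.enabled", "").lower() != "true":
        findings.append("authentication is on but HTTP is unencrypted "
                        "(xpack.security.http.ssl.enabled)")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

An empty result only means the file does not show this specific condition; a security group or firewall rule that opens port 9200 to the internet still needs to be reviewed separately.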

A Look At The NEW iPhone 8

At its annual September iPhone event, which took place on September 12th 2017, Apple unveiled three new iPhones: the iPhone 8, the iPhone 8 Plus, and the iPhone X.

The iPhone 8 release date is September 22nd 2017, but you can already pre-order the iPhone 8 in several countries including the UK, US and Australia.

While the iPhone X is the new high-end flagship device, the iPhone 8 and the iPhone 8 Plus both feature some major improvements.

iPhone 8 is a new generation of iPhone. Designed with the most durable glass ever in an iPhone and a stronger aerospace-grade aluminium band. Charges wirelessly. Resists water and dust. 4.7-inch Retina HD display with True Tone. 12MP camera with new sensor and advanced image signal processor. Powered by A11 Bionic, the most powerful and smartest chip ever in an iPhone. Supports augmented reality experiences in games and apps. With iPhone 8, intelligence has never looked better.

  • iPhone 8 – 138.4 x 67.3 x 7.3 mm (5.45 x 2.65 x 0.29 in) and 148g (5.22 oz)
  • iPhone 8 Plus – 158.4 x 78.1 x 7.5 mm (6.28 x 3.07 x 0.32 in) and 202g (6.63 oz)
  • iPhone 8 – 4.7-inch LED-backlit IPS LCD, 1334 x 750 pixels (326 ppi), 65.6% screen-to-body ratio
  • iPhone 8 Plus – 5.5-inch LED-backlit IPS LCD, 1920 x 1080 pixels (401 ppi), 67.7% screen-to-body ratio
  • iPhone 8 and iPhone 8 Plus – Apple A11 ‘Bionic’ chipset: Six Core CPU, Six Core GPU, M11 motion coprocessor, 3GB RAM (iPhone 8 Plus), 2GB RAM (iPhone 8)

2G bands: GSM 850 / 900 / 1800 / 1900
  CDMA 800 / 1900 / 2100 – A1864
3G bands: HSDPA 850 / 900 / 1700(AWS) / 1900 / 2100 – A1864, A1897
  CDMA2000 1xEV-DO & TD-SCDMA – A1864
4G bands: LTE band 1(2100), 2(1900), 3(1800), 4(1700/2100), 5(850), 7(2600), 8(900), 12(700), 13(700), 17(700), 18(800), 19(800), 20(800), 25(1900), 26(850), 28(700), 29(700), 30(2300), 34(2000), 38(2600), 39(1900), 40(2300), 41(2500), 66(1700/2100) – A1864, A1897
Speed: HSPA 42.2/5.76 Mbps, LTE-A (4CA) Cat16 1024/150 Mbps, EV-DO Rev.A 3.1 Mbps

LAUNCH
Announced: 2017, September
Status: Coming soon. Exp. release 2017, September

BODY
Dimensions: 138.4 x 67.3 x 7.3 mm (5.45 x 2.65 x 0.29 in)
Weight: 148 g (5.22 oz)
– IP67 certified – dust and water resistant
– Water resistant up to 1 meter and 30 minutes
– Apple Pay (Visa, MasterCard, AMEX certified)

DISPLAY
Type: LED-backlit IPS LCD, capacitive touchscreen, 16M colors
Size: 4.7 inches (~65.4% screen-to-body ratio)
Resolution: 750 x 1334 pixels (~326 ppi pixel density)
Multitouch: Yes
Protection: Ion-strengthened glass, oleophobic coating
– Wide color gamut display
– 3D Touch display & home button
– True-tone display

Chipset: Apple A11 Bionic
CPU: Hexa-core (2x Monsoon + 4x Mistral)
GPU: Apple GPU (three-core graphics)

MEMORY
Card slot: No
Internal: 64/256 GB, 2 GB RAM

CAMERA
Primary: 12 MP, f/1.8, 28mm, phase detection autofocus, OIS, quad-LED (dual tone) flash
Features: 1/3″ sensor size, geo-tagging, simultaneous 4K video and 8MP image recording, touch focus, face/smile detection, HDR (photo/panorama)
Video: [email protected]/30/60fps, [email protected]/60/120/240fps
Secondary: 7 MP, f/2.2, [email protected], [email protected], face detection, HDR, panorama

SOUND
Alert types: Vibration, proprietary ringtones
Loudspeaker: Yes, with stereo speakers
3.5mm jack: No
– Active noise cancellation with dedicated mic
– Lightning to 3.5 mm headphone jack adapter

COMMS
WLAN: Wi-Fi 802.11 a/b/g/n/ac, dual-band, hotspot
Bluetooth: 5.0, A2DP, LE
NFC: Yes (Apple Pay only)
Radio: No
USB: 2.0, reversible connector

FEATURES
Sensors: Fingerprint (front-mounted), accelerometer, gyro, proximity, compass, barometer
Messaging: iMessage, SMS (threaded view), MMS, Email, Push Email
Browser: HTML5 (Safari)
Java: No
– Fast battery charging: 50% in 30 min
– Qi wireless charging
– Siri natural language commands and dictation
– iCloud cloud service
– MP3/WAV/AAX+/AIFF/Apple Lossless player
– MP4/H.264 player
– Audio/video/photo editor
– Document editor

BATTERY
Non-removable Li-Ion 1821 mAh battery
Talk time: Up to 14 h (3G)
Music play: Up to 40 h

MISC
Colors: Silver, Space Gray, Gold

SIM-only prices start from £699, with contracts available from around £40 per month.

Health Secretary Challenges NHS To Deliver Digital Services Nationwide

Jeremy Hunt addresses Health and Care Innovation Expo in Manchester on 12 September.

Every patient in England should be able to access their medical records and book an appointment with a GP via an app by the end of 2018, Health Secretary Jeremy Hunt has said.

Speaking at the Health and Care Innovation Expo in Manchester on 12 September, he referred to the next 10 years as ‘the decade of patient power’.

By the end of 2018 – the 70th birthday year of the NHS – the Health Secretary said he expects every patient in England to be able to do the following online through an app:

  • access NHS 111
  • access their healthcare record
  • book a GP appointment
  • order repeat prescriptions
  • express their organ donation preferences
  • express their data sharing preferences
  • access support for managing a long term condition

Pilot schemes are already underway, with ongoing evaluation before a potential national roll-out.

Jeremy Hunt said:

If the NHS is going to be the safest, highest quality healthcare system in the world we need to do technology better. So today I am setting 7 challenges which, if we achieve them, will make the NHS a world-beater in the care of people with long term conditions.

People should be able to access their own medical records 24/7, show their full medical history to anyone they choose and book basic services like GP appointments or repeat prescriptions online.

I do not underestimate the challenge of getting there – but if we do it will be the best possible 70th birthday present from the NHS to its patients.

Online trials of support for long-term conditions have already been successful, with apps such as MyCOPD helping patients manage their conditions with less reliance on GP and hospital appointments.

To ensure independent ‘digital doctors’ are operating at the same high standard as the rest of the NHS, the Department of Health has launched a consultation about expanding the number of providers included in the Care Quality Commission’s ratings system.

Imelda Redmond, National Director of Healthwatch England said:

The vision set out by the Secretary of State directly addresses what patients and the broader public have told Healthwatch they want from a modern NHS, and is a huge step forward in ensuring all of us get the sort of integrated service we have come to expect in many other areas of life.

In his address to delegates the Health Secretary also announced:

  • the launch of MyNHS open data challenge – a £100,000 fund to reward the most creative apps and digital tools to improve services
  • an update on the acute and mental health global digital exemplars – organisations which deliver care through world-class use of digital technology and information flows
  • which trusts will form part of a further wave of exemplars – the ‘Fast Followers’ – which will receive £160 million funding
  • £21 million of new matched funding for up to 7 mental health “Fast Followers” – creating fresh investment of up to £42 million

Extracurricular Cyber Clubs To Inspire And Identify Tomorrow’s Cyber Security Professionals

Thousands of teenagers are to be given intensive cyber security training and mentoring in extracurricular clubs as part of plans to address the risk of a future skills shortage, as the need for cyber security experts is set to skyrocket.

The Cyber Schools Programme aims to support and encourage schoolchildren to develop some of the key skills they would need to work in the growing cyber security sector and help defend the nation’s businesses against online threats.

Up to £20m is available to deliver an extracurricular school programme which will see an army of expert external instructors teaching, testing and training teenagers selected for the programme, with a comprehensive cyber curriculum expected to mix classroom and online teaching with real-world challenges and hands-on work experience.

The Cyber Schools Programme, led by the Department for Culture, Media and Sport (DCMS), is aimed at those aged between 14 and 18, with a target for at least 5,700 teenagers to be trained by 2021.

This programme is for students with the aptitude and enthusiasm for the subject. It aims to appeal to children from all backgrounds, including those currently underrepresented in cyber security jobs.

Cyber security is an exciting industry with strong job prospects. Recent figures from the Tech Partnership show there are already 58,000 cyber security specialists in a growing sector worth £22bn a year to the economy. This is part of the Government’s commitment to prepare Britain for the challenges it faces now and in the future.

Minister of State for Digital and Culture Matt Hancock said:

This forward-thinking programme will see thousands of the best and brightest young minds given the opportunity to learn cutting-edge cyber security skills alongside their secondary school studies. We are determined to prepare Britain for the challenges it faces now and in the future and these extracurricular clubs will help identify and inspire future talent.

Students will be expected to commit to four hours a week. This will include classroom-based and online-teaching with flexibility around exams and busier study periods.

The aim is for students to start aged 14 and complete a four-year programme. It will be delivered in modules, meaning older students can join at any point providing they meet the right criteria. The provider will have the flexibility to decide the most appropriate way to deliver the programme, and the pilot, to begin in September 2017, will be monitored and reviewed after the first year.

The programme is all part of the Government’s National Cyber Security Programme to find, finesse and fast-track tomorrow’s online security experts.

It includes the recently announced CyberFirst bursary funding scheme, which offers grants of up to £4,000 for up to 1,000 students by 2020 to study a relevant degree, do a placement or attend a summer school and, depending on meeting requirements, the chance to work in national security on graduation.

There are 2,500 free places on CyberFirst in 2017 and an additional CyberFirst Girls Competition, where teams of 13-to-15-year-old young women can pit their wits against one another to crack a series of online puzzles.

DCMS is also supporting leading employers in critical energy and transport infrastructure to train and recruit up to 50 highly skilled apprentices aged 16 and over to help defend essential services against cyber attacks. The Cyber Security Apprenticeships for Critical Sectors Scheme is open now for applications for those with a natural flair for problem solving and who are passionate about technology.

A Cyber Retraining Academy, launched in January, is also helping more than 50 high-aptitude people fast-track into the cyber security industry with a ten-week intensive training course.


Britain’s Cyber Security Bolstered By World-class Strategy

The UK will be one of the safest places in the world to do business, with a world-class cyber security industry and workforce thanks to a new plan underpinned by £1.9 billion of investment.

The Chancellor, Philip Hammond has formally launched the government’s new National Cyber Security Strategy, which will set out decisive action to protect the UK economy and the privacy of British citizens, while encouraging industry to up its game to prevent damaging cyber-attacks.

Almost doubling the funding commitments of the first strategy which ran from 2011, the new plan outlines how the UK will:

  • use automated defences to safeguard citizens and businesses against growing cyber threats
  • support the UK’s growing cyber security industry
  • develop a world-class cyber workforce
  • deter cyber-attacks from criminals and hostile actors

Cyber security is recognised as one of the greatest threats to business around the world, with the global cost of crimes in cyberspace estimated at $445 billion, according to the World Economic Forum’s 2016 Global Risks Report.

Measures within the new National Cyber Security Strategy to keep the UK’s cyberspace safe are therefore crucial to the future of the UK’s economy.

Outlining how cyber security underpins our daily lives, such as through domestic devices in our homes and cars, air traffic control and power grids, the Chancellor reinforced how the threat of attacks invades our privacy and threatens our national security, and set out how the government plans to deal with it.

The approach on cyber is a core part of the upcoming Industrial Strategy.

He explained how increasingly vulnerable society is to cyber-attacks thanks to the expanding range of connected devices which are creating more opportunities for exploitation; more demand for training and skills; old legacy IT systems used by many organisations in the UK and the readily available suite of user-friendly hacking tools which means everyone from the living room to the boardroom is exposed to malicious hackers.

The Chancellor also emphasised the responsibility that CEOs have to make sure their organisations are secure against cyber-attacks and the additional support government will give industry and wider society through the new National Cyber Security Centre.

The National Cyber Security Strategy:

Underpinned by £1.9 billion of investment for dedicated actions through three key areas.


The strategy sets out how government will strengthen its own defences as well as making sure industry takes the right steps to protect Critical National Infrastructure in sectors like energy and transport. We will do this through working in partnership with industry – including companies such as the innovative SME Netcraft – to use automated defence techniques to reduce the impact of cyber-attacks by hackers, stopping viruses and spam emails ever reaching their intended victims for example.

The Chancellor pointed to the recent successes of government. Previously a website serving web-inject malware would stay active for over a month – now it is less than two days. UK-based phishing sites would remain active for a day – now it is less than an hour. And phishing sites impersonating government’s own departments would have stayed active for two days – now it is less than 5 hours. The Chancellor also pointed to the recent success of government in reducing the ability of attackers to spoof emails – extracting valuable information from duped recipients. Our recent work saw the spoofing of [email protected] go from 50,000 per day to effectively zero in the past 6 weeks.


Significant investment will go towards taking the fight to those who threaten Britain in cyber-space and relentlessly pursuing anyone who persists in attacking us. This will be done in part through strengthening our law enforcement capabilities to raise the cost of cyber-crime, building international partnerships and being clear that the UK will defend itself in cyberspace and strike back against those that try to harm our country.

This year alone we are recruiting over 50 specialist cyber-crime investigators and technical specialists working within the National Cyber Crime Unit, enhancing their ability to provide a powerful and highly visible investigative response to the most serious incidents of cyber-crime: pursuing cyber criminals at a national and international level. This is part of tens of millions of pounds of investment in our cybercrime law enforcement capability, locally and nationally.


The new plan places strong emphasis on developing the nation’s capabilities to keep pace with cyber threats. We will also increase investment in the next generation of students and experts.

The Chancellor also announced a new cyber security research institute – a virtual collection of UK universities which will look to improve the security of smart phones, tablets and laptops through research that could one day make passwords obsolete.

This builds on a range of cutting edge skills and education initiatives, including cyber apprentices, retraining schemes and advanced cyber security teaching in schools, which are already being developed.

We are creating the UK’s first cyber security Innovation Centre in Cheltenham, will launch a Cyber Innovation Fund next year to develop innovative technologies and products, and are funding training and support for cyber start-ups and academics to help them commercialise cutting edge research and attract investment from the private sector.

These actions will ensure that the UK continues to be the world leading digital nation, building on the successes of the previous strategy.

Chancellor of the Exchequer, Philip Hammond said:

Britain is already an acknowledged global leader in cyber security thanks to our investment of over £860 million in the last Parliament, but we must now keep up with the scale and pace of the threats we face. Our new strategy, underpinned by £1.9 billion of support over 5 years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked.

Ben Gummer, Minister for the Cabinet Office & Paymaster General, said:

No longer the stuff of spy thrillers and action movies, cyber-attacks are a reality and they are happening now. Our adversaries are varied – organised criminal groups, ‘hacktivists’, untrained teenagers and foreign states.

The first duty of the government is to keep the nation safe. Any modern state cannot remain secure and prosperous without securing itself in cyberspace. That is why we are taking the decisive action needed to protect our country, our economy and our citizens.

We can be proud that the UK leads the world in cyber security.

Cindy Rose, UK CEO, Microsoft, said:

The mobile-first, cloud-first world holds enormous potential for organisations and individuals to generate new and exciting growth opportunities.

However, there is a corresponding risk that as people increase their technology usage they also increase their exposure to cyber security threats. It is critical for all organisations to strengthen their core security hygiene as well as creating a pervasive security culture through education and awareness.

All participants in the security ecosystem also need to work together to ensure everyone can trust the technology they use. The Chancellor’s announcement is the kind of initiative that the UK needs to protect British citizens from the growing threats we face. We welcome the government’s focus on tackling this significant issue which affects business and individuals alike.
