News

7E supports Scottish talent

One of the key motivations in establishing 7 Elements was a drive to deliver customer-focussed security testing that provides clients with the service they need, and to proactively support and develop the wider security community for the benefit of everyone. As part of this commitment, 7 Elements recently offered two students from Glasgow Caledonian […]

Graduate Junior Security Tester Vacancy

7 Elements is looking to take on another Junior Security Tester in the summer of 2014. Through our dedicated Graduate Junior Security Tester Training and Development Plan they will gain the skills and experience necessary to become an independent, effective and highly skilled manual security tester. More information on this vacancy can be found on […]

Cyber Security 2014

Our CEO David Stubley will be opening the Cyber Security 2014 conference at the Gogarburn Conference Centre, RBS World Headquarters, Edinburgh next Thursday 6th February 2014. His talk will be on ‘Cyber Security: Setting the Scene’. During this talk David will explore the question of “What is Cyber Security?” Using real-life case studies David will provide […]

OWASP AppSec Eu 2014

OWASP AppSec Europe is returning to the United Kingdom in 2014 and 7 Elements are proud to announce that we will be sponsoring this event. Hosted this year in Cambridge, the event will take place from the 23rd to the 26th of June and will include: two days of training and a two-day conference; three tracks, focusing […]

Update from Thecus

On the 28th January, Thecus made further contact with our team to advise of fixes to the vulnerable firmware reported by 7 Elements. Please see our blog for further details.

CVE-2013-5668 Thecus NAS Server Domain Administrator Password Disclosure

Advisory Information
Title: Thecus NAS Server Domain Administrator Password Disclosure
Date published: 13 January 2014
Reference: CVE-2013-5668
Advisory Summary: The Domain Administrator Password within the ADS/NT Support page is disclosed due to clear text storage of sensitive information within the GUI.
Vendor: Thecus <http://www.thecus.com/>
Affected Software: Thecus NAS Server N8800 Firmware 5.03.01
Description of Issue: The Domain Administrator […]

CVE-2013-5669 Thecus NAS Server Plain Text Administrative Password

Advisory Information
Title: Thecus NAS Server Plain Text Administrative Password
Date published: 13 January 2014
Reference: CVE-2013-5669
Advisory Summary: The Network Attached Storage (NAS) Administration Web Page for Thecus NAS Server N8800 transmits passwords in cleartext by default, which allows remote attackers to sniff the administrative password.
Vendor: Thecus <http://www.thecus.com/>
Affected Software: Thecus NAS Server N8800 Firmware 5.03.01
Description […]

CVE-2013-5667 Thecus NAS Server get_userid OS Command Injection

Advisory Information
Title: Thecus NAS Server get_userid OS Command Injection
Date published: 13 January 2014
Reference: CVE-2013-5667
Advisory Summary: A lack of input validation allows an attacker to execute OS commands directly on the operating system.
Vendor: Thecus <http://www.thecus.com/>
Affected Software: Thecus NAS Server N8800 Firmware 5.03.01
Description of Issue: The issue exists because the […]

ICO issue BYOD advice

The Information Commissioner’s Office (ICO) has recently issued advice for companies with regard to BYOD (Bring Your Own Device). This guidance explores what you need to consider if permitting the use of personal devices to process personal data for which you are responsible. The ICO document can be found here: ico_bring_your_own_device_byod_guidance

CVE-2013-6880 FlashCanvas proxy.php XSS Vulnerability

Advisory Information
Title: FlashCanvas proxy.php XSS Vulnerability
Date published: 11 December 2013
Reference: CVE-2013-6880
Advisory Summary: Script does not adequately verify the Referer header before requesting (via curl) the remote URL specified in the ‘url’ GET parameter and rendering it.
Vendor: FlashCanvas.net <http://flashcanvas.net/>
Affected Software: FlashCanvas 1.5 and possibly older. FlashCanvas is also used in […]
