An award winning security paper published this week explains a newly discovered vulnerability called SAD DNS which leaves many websites vulnerable to man-in-the-middle and impersonation attacks. DNS is the system that converts friendly website addresses (www.secureteam.co.uk) into the numeric IP addresses used by TCP/IP. SAD DNS is a flaw discovered in the DNS protocol which […]
SAD DNS vulnerability revives risk of DNS poisoning Read More »
A research paper just published by NortonLifeLock analysed details of app installations on 12 million Android devices and determined that most malware and unwanted apps are actually downloaded from the Google Play store. The research paper examined the installation details of almost 8 million different apps onto 12 million devices during the Autumn of 2019
Where most Android malware comes from Read More »
On Monday 9th November, Facebook ads started to appear targeting the Campari Group which is still mired in the middle of a ransomware attack. It appears the criminals behind the attack on Campari used a hacked Facebook account to place the ads in order to increase the pressure on Campari to pay the demanded ransom.
Ransomware group now using FB Ads to pressure victims Read More »
The November security patch bundle from Microsoft fixes 112 security vulnerabilities in their products, including 12 Remote Code Execution vulnerabilities. Noteworthy vulnerabilities fixed this month include: Windows Kernel Local Elevation of Privilege: CVE-2020-17087 Observed under active attack in the wild by Google, CVE-2020-17087 is an elevation of privilege vulnerability that was being used in
November Patch Tuesday fixes 12 RCE vulnerabilities Read More »
Adobe has issued patches for critical vulnerabilities in their Acrobat and Acrobat Reader software widely used for creating and reading PDF documents. 12 fixes are included in the latest security updates, three are rated as Critical as they can be exploited to achieve arbitrary code execution. In other words, this means simply opening a specially
Adobe issues Acrobat security patches Read More »
Google’s Project Zero has disclosed the details of a Windows 0-day vulnerability under active attack which affects all versions from Windows 7 through to Windows 10. No patch is yet available from Microsoft but one is expected in the November 2020 patch Tuesday updates. Last week we published details of a Chrome Browser 0-day vulnerability
Windows 0-day vulnerability disclosed Read More »
The NSA (National Security Agency) recently published a security advisory about the publicly known vulnerabilities currently being exploited by Chinese state-sponsored actors. While this security advisory is focused on the activities of state-sponsored actors, it does show the threats and vulnerabilities considered most useful for exploitation. Taking a quick look at the list could provide
The Top 10 vulnerabilities being exploited today Read More »
Last week an SQL injection vulnerability was discovered in the popular Loginizer plugin used by over a million WordPress sites. Such was the risk, WordPress took the unusual step of forcing updates into sites that use the plug-in – even those with auto-update turned off. The flaw in Loginizer can be exploited by an attacker
WordPress force updates a million sites to fix SQLi flaw Read More »
Google has issued an urgent update for Chrome which patches a zero-day vulnerability under active exploitation. The Chrome team took just one day from report of the vulnerability to issuing the patch, such is the danger posed by this flaw. The patch is included in Chrome version v86.0.4240.111 (CVE-2020-15999) – any older versions should be
Google Patches Chrome Zero-Day Vulnerability Read More »
Microsoft has patched a Remote Code Execution vulnerability in Visual Studio which could be exploited by creating a code repository – such as for a popular open source tool – and convincing a developer to clone and open it. The vulnerability (CVE-2020-17023) exists in the handling of the ‘package.json’ file and can be exploited to
Visual Studio RCE Vulnerability Patched Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.