SecureTeam

Actively Exploited Vulnerabilities in D-Link Devices

Four vulnerabilities in D-Link routers have been added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities Catalog this week. Also included in this week’s catalogue updates were now-patched zero-day vulnerabilities in Google Chrome, and Photo Station QNAP software. Three of the D-Link vulnerabilities identified as exploited by their addition to this list […]

Actively Exploited Vulnerabilities in D-Link Devices Read More »

HP Patch Escalation of Privilege Flaw

News, Vulnerabilities / Ian Reynolds

A security vulnerability has been identified in HP’s in-built software HP Support Assistant, that is present on all HP and Omen laptops and desktop computers. HP Support Assistant is pre-installed on all HP and Omen devices, so all users of these devices could be at risk. A security bulletin has been released this week by

HP Patch Escalation of Privilege Flaw Read More »

Five Malicious Chrome Extensions Identified

News, Tools / Ian Reynolds

Threat researchers at McAfee Labs have discovered 5 malicious extensions for Google Chrome, that track the browsing activity of the user, with a total of 1.4 million users affected. The identified extensions are: Netflix Party, Netflix Party 2, Full Page Screenshot Capture – Screenshotting, FlipShope – Price Tracker Extension, and AutoBuy Flash Sales. Although these

Five Malicious Chrome Extensions Identified Read More »

Critical Atlassian Bitbucket Vulnerability

News, Vulnerabilities / Ian Reynolds

A critical vulnerability has been identified in multiple versions of Atlassian’s Bitbucket Server and Bitbucket Data Center. A recent advisory released by Bitbucket Support explains that all versions after 6.10.17, including 7.0.0 and later, have been affected by this flaw. However, this vulnerability is not present in Atlassian Cloud sites, so users who access Bitbucket

Critical Atlassian Bitbucket Vulnerability Read More »

NOBELIUM’s Backdoor Malware: MagicWeb

Articles, Information Assurance / Ian Reynolds

Microsoft’s Threat Intelligence Center (MSTIC) have recently discovered a new malware capability that NOBELIUM are using called MagicWeb. Highly active threat actor NOBELIUM are known for targeting organisations across Europe, Central Asia, and the USA. First detected in 2020, they use unique malware that is usually tailored to their current target. The MagicWeb malware is

NOBELIUM’s Backdoor Malware: MagicWeb Read More »

GitLab Patch Critical Remote Code Execution Flaw

News, Vulnerabilities / Ian Reynolds

GitLab have published a critical security release this week to notify their users about an update that contains important security fixes. Versions 15.3.1, 15.2.3, and 15.1.5 were released for GitLab Community Edition (CE) and Enterprise Edition (EE), in order to patch a remote code execution (RCE) vulnerability. GitLab is used as a DevOps platform for

GitLab Patch Critical Remote Code Execution Flaw Read More »

Palo Alto Networks Exploited in DoS Attacks

News, Vulnerabilities / Ian Reynolds

A denial-of-service vulnerability was identified this month in Palo Alto Networks PAN-OS software. This week, the Cybersecurity and Infrastructure Agency (CISA), a branch of the US government, have added this vulnerability to their list of known exploited vulnerabilities. Tracked as CVE-2022-0028, this flaw affects the URL filtering policy in multiple versions of PAN-OS running on

Palo Alto Networks Exploited in DoS Attacks Read More »

What is Zeppelin Ransomware?

Articles, Information Assurance / Ian Reynolds

Ransomware is the biggest cyber threat for UK organisations according to the National Cyber Security Centre (NCSC), with the number of different types of ransomware doubling this year already, from 5,400 in late 2021, to 10,666 after just six months of 2022. A report by Fortinet suggests this rise could be due to the development

What is Zeppelin Ransomware? Read More »

Apple Fix Two Exploited Zero-Day Vulnerabilities

News, Vulnerabilities / Ian Reynolds

Apple have released a security update this week to patch two actively exploited zero-day vulnerabilities. Both of these flaws affect Macs using the macOS Monterey operating system, iPhone 6s and later generations, and all models of the iPad Pro. Updates for the operating systems of these affected devices were released on 17th August. Users should

Apple Fix Two Exploited Zero-Day Vulnerabilities Read More »

Chrome Update Fixes Critical and Zero-Day Flaws

News, Vulnerabilities / Ian Reynolds

Google have released a security update this week for the Chrome desktop app for Windows, Mac, and Linux. This update patches 11 vulnerabilities, one of which is a zero-day flaw that is known to be exploited in the wild, and another has been given a critical severity rating. This is the fifth security update for

Chrome Update Fixes Critical and Zero-Day Flaws Read More »

2022

Actively Exploited Vulnerabilities in D-Link Devices

HP Patch Escalation of Privilege Flaw

Five Malicious Chrome Extensions Identified

Critical Atlassian Bitbucket Vulnerability

NOBELIUM’s Backdoor Malware: MagicWeb

GitLab Patch Critical Remote Code Execution Flaw

Palo Alto Networks Exploited in DoS Attacks

What is Zeppelin Ransomware?

Apple Fix Two Exploited Zero-Day Vulnerabilities

Chrome Update Fixes Critical and Zero-Day Flaws

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch