+44 (0)203 88 020 88

Menu

Search

2022

Microsoft Patches Critical Zero-Day Vulnerabilities

Microsoft’s August patch Tuesday security update included fixes for 138 vulnerabilities, 17 of which were classified as ‘Critical’ flaws. The security patches issued cover 40 different Microsoft and Windows products and features, including critical Windows system operations, and popular applications such as Microsoft Edge, Microsoft Office, and the Microsoft Exchange Server. Two zero-day vulnerabilities were […]

Microsoft Patches Critical Zero-Day Vulnerabilities Read More »

Amex and Snapchat used in Open Redirect Attacks

Google Workspace and Microsoft 365 users have been targeted in phishing attacks that have resulted in the attackers stealing credentials. The attackers exploited known flaws in Snapchat and American Express websites to trigger open redirects to specially crafted web pages, where the credential harvesting could then take place. Email security company Inky detected these attacks

Amex and Snapchat used in Open Redirect Attacks Read More »

VMware Patch Critical Authentication Bypass Flaw

VMware released a critical security advisory this week to warn users of security vulnerabilities that have been found in a variety of their systems. VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation products have all received security patches to deal with these vulnerabilities. VMware advise all users that it

VMware Patch Critical Authentication Bypass Flaw Read More »

Critical Confluence Vulnerability Exploited in the Wild

A vulnerability in Atlassian’s Questions for Confluence app has been found that includes hardcoded credentials that remote attackers can exploit to access the Confluence Server or Confluence Data Center it is hosted on. The versions of Questions for Confluence with this vulnerability unpatched are 2.7.34, 2.7.35, and 3.0.2. Atlassian have released a security advisory rating

Critical Confluence Vulnerability Exploited in the Wild Read More »

Microsoft Exchange Servers Open to Backdoor Hack

Microsoft have warned customers of a form of attack capable of targeting unpatched Microsoft Exchange servers. The attacks taking place in the first 5 months of this year saw threat actors using Internet Information Services (IIS) extension modules to: access their victim’s email mailboxes, execute commands remotely, harvest credentials from within the system memory, steal

Microsoft Exchange Servers Open to Backdoor Hack Read More »

New Backdoor Linux Malware ‘Lightning Framework’

A new, previously undetected, Linux malware known as ‘Lightning Framework’ can be used as a backdoor to install rootkits in infected devices via Secure Shell (SSH). A report released by Intezer this week calls this malware “Swiss Army Knife-like” due to its wide range of capabilities, and ability to use techniques to avoid detection and

New Backdoor Linux Malware ‘Lightning Framework’ Read More »

Phishing Attacks That Can Bypass MFA

A large-scale phishing attack campaign has emerged using adversary-in-the-middle (AiTM) to steal credentials and circumvent multi-factor authentication (MFA) needs. Microsoft have released a security blog post regarding the use of these phishing attacks and the impersonation of Microsoft Azure Active Directory (Azure AD) login pages. This campaign has reportedly targeted over 10,000 organisations in the

Phishing Attacks That Can Bypass MFA Read More »

0

No products in the basket.

No products in the basket.