SecureTeam

Publicly Disclosed Windows Vulnerability Patched

An actively exploited Windows Client Server Runtime Subsystem (CSRSS) vulnerability was one of 84 patched in this week’s Microsoft patch Tuesday. First discovered by the Microsoft Threat intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC), CVE-2022-22047 is tracked as a ‘High’ severity vulnerability, with a CVSS rating of 7.8/10. It affects devices running Windows […]

Publicly Disclosed Windows Vulnerability Patched Read More »

Microsoft Delays Default Ban of Macros

News, Vulnerabilities / Ian Reynolds

Microsoft is undoing a decision it made earlier this year to disable macros by default in Microsoft Office applications. In February an update was announced that Microsoft was introducing a new way in which VBA macros would be handled. This change is now being rolled back by Microsoft until further notice. This affects the Microsoft

Microsoft Delays Default Ban of Macros Read More »

Chrome Update Patches Zero-Day Vulnerabilities

News, Vulnerabilities / Ian Reynolds

Google released updates this week for Android and desktop Chrome browser users. These updates address high criticality zero-day vulnerabilities including one which has been actively exploited. This is the fourth Chrome update so far this year to patch zero-day vulnerabilities, with previous key updates being released in February, March, and April. Users should make sure

Chrome Update Patches Zero-Day Vulnerabilities Read More »

Microsoft Issue Warning Over Android Toll Fraud

News, Vulnerabilities / Ian Reynolds

Toll fraud malware is similar to billing fraud; it triggers the subscription of users to premium services without their knowledge or consent. Microsoft have called toll fraud “one of the most prevalent types of Android malware”, emphasising why it is important to keep informed about this actively evolving threat. Users of Android 9.0 or lower

Microsoft Issue Warning Over Android Toll Fraud Read More »

ZuoRAT Malware Targets Home-Office Routers

News, Vulnerabilities / Ian Reynolds

A multistage remote access trojan (RAT), known as ZuoRAT, has been specifically developed to attack small office/home office (SOHO) routers. These devices have been more frequently used for work since the increase in home-working in 2020 due to the Covid-19 global pandemic. It is suspected that this attack has been going undetected for the past

ZuoRAT Malware Targets Home-Office Routers Read More »

Microsoft Patches Linux Cluster Bug

News, Vulnerabilities / Ian Reynolds

The Microsoft Security Response Centre released a blog post this week about a Service Fabric (SF) Linux Cluster vulnerability. This bug has been identified on both Linux and Windows operating systems, however Microsoft claims only Linux is vulnerable to attack. This vulnerability was published as CVE-2022-30137 by Microsoft earlier this month. Azure Service Fabric is a distributed systems

Microsoft Patches Linux Cluster Bug Read More »

Log4Shell (still) actively exploited on VMware Systems

Articles, Information Assurance / Ian Reynolds

The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER) released a joint security advisory last week to warn of the active exploitation of CVE-2021-44228. This vulnerability is commonly known as Log4j, or Log4Shell because it gives attackers a shell that allows them to remotely access internet facing Log4j devices.

Log4Shell (still) actively exploited on VMware Systems Read More »

Vulnerability reported on QNAP NAS Devices

News, Vulnerabilities / Ian Reynolds

A Security Advisory was published by QNAP on Wednesday to advise their customers of the status of Remote Code Execution vulnerability that affects many of their products. The vulnerability is in the versions of PHP which ship as part of the QNAP operating system. The vulnerability affects devices running: QTS 5.0.x and later QTS 4.5.x

Vulnerability reported on QNAP NAS Devices Read More »

How the Phone-Wiping Banking Trojan BRATA is Becoming a More Advanced Threat

Articles, Information Assurance, Social Engineering / Ian Reynolds

First discovered in 2019, BRATA malware is contained in a malicious app which victims are tricked into installing on their phones. BRATA is a banking Trojan that gains access to your bank, withdraws your funds, and then wipes your phone with a factory reset to hide the evidence of its activities. BRATA stands for “Brazilian

How the Phone-Wiping Banking Trojan BRATA is Becoming a More Advanced Threat Read More »

Cisco Small Business Routers Vulnerable to Attack

News, Vulnerabilities / Ian Reynolds

A zero-day vulnerability with a critical 9.8/10 severity rating has been identified in four Cisco Small Business RV Series Routers. These vulnerable products are RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router. These routers are listed as end-of-life products, and so Cisco have stated that they

Cisco Small Business Routers Vulnerable to Attack Read More »

2022

Publicly Disclosed Windows Vulnerability Patched

Microsoft Delays Default Ban of Macros

Chrome Update Patches Zero-Day Vulnerabilities

Microsoft Issue Warning Over Android Toll Fraud

ZuoRAT Malware Targets Home-Office Routers

Microsoft Patches Linux Cluster Bug

Log4Shell (still) actively exploited on VMware Systems

Vulnerability reported on QNAP NAS Devices

Cisco Small Business Routers Vulnerable to Attack

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch