Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Quality Policy
    • Security Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us

Blog

Home 2023 March

Open-Source Phishing Kit Used in AiTM Attacks

By Mark Faithfull | Articles, Information Assurance | 30 March, 2023 | 0

Adversary in the middle (AiTM) is a phishing attack technique in which a proxy server is deployed between the victim and the website they are attempting to access. This allows for the attacker to be placed ‘in the middle’ of the victim and the target website, allowing the attacker to intercept and steal the victim’sRead more

Veeam Vulnerability Exploit Code Released

By Mark Faithfull | News, Vulnerabilities | 28 March, 2023 | 0

Proof of concept (PoC) code has been released for a cross-platform exploit that can be performed on unpatched Veeam Backup & Replication (VBR) software. Veeam are a data security organisation whose backup and recovery software is used as both on-premises and cloud-based data protection solutions. Security updates to patch the exploitable vulnerability were released earlierRead more

Apple Release Critical MacOS Vulnerability Updates

By Mark Faithfull | News, Vulnerabilities | 28 March, 2023 | 0

Security updates for macOS Ventura, macOS Monterey, and macOS Big Sur have been released to address the security vulnerabilities found in these systems. Four critical severity vulnerabilities are included in these updates, all with a CVSS base score of 9.8/10. Not a lot of information is currently available about these flaws, as Apple doesn’t discloseRead more

Google Pixel Markup Flaw Restores Edited Images

By Mark Faithfull | News, Vulnerabilities | 21 March, 2023 | 0

A vulnerability in the Google Pixel Markup tool can be used to recover redacted and edited screenshots, leading to sensitive information disclosure. Security researchers Simon Aarons and David Buchanan who discovered the exploit for this vulnerability dubbed it the aCropalypse flaw which signifies the ability to restore cropped and edited images to their original stateRead more

Adobe ColdFusion Vulnerability Actively Exploited

By Mark Faithfull | News, Vulnerabilities | 21 March, 2023 | 0

A critical arbitrary code execution vulnerability is being actively exploited in unpatched Adobe ColdFusion versions 2018 and 2021. A security bulletin was released by Adobe to inform users of this actively exploited vulnerability, along with two other vulnerabilities patched in the same update, a critical severity deserialisation flaw and a memory leak path traversal vulnerability.Read more

Two Zero-Day Vulnerabilities Fixed in Patch Tuesday

By Mark Faithfull | News, Vulnerabilities | 15 March, 2023 | 0

A total of 83 vulnerabilities have been addressed in this month’s patch Tuesday security updates from Microsoft, including two zero-day flaws, and nine vulnerabilities rated as critical severity. Four of these critical severity vulnerabilities specifically affecting Windows 11, and one affecting Microsoft Office, have been included in Microsoft Defender’s default new vulnerabilities notifications sent toRead more

Critical and Exploited Vulnerabilities in FortiOS

By Mark Faithfull | News, Vulnerabilities | 14 March, 2023 | 0

A zero-day flaw in FortiOS has been found to be exploited in attacks against governmental and other large organisations, resulting in file corruption and data loss. This vulnerability was only considered medium severity, with a CVSS base score of 6.5, however it has been exploited to take down multiple FortiGate firewall devices in a complexRead more

Flaws in Windows 11 Security Hardware TPM 2.0

By Mark Faithfull | News, Vulnerabilities | 13 March, 2023 | 0

Two out-of-bounds buffer overflow vulnerabilities have been found in the TPM 2.0 system hardware used across all Windows 11 devices. A TPM (Trusted Platform Module) is a processor used for hardware-based cryptographic operations, to secure encryption keys, and protect the boot process by defending against malicious tampering. Microsoft made it a requirement for PCs toRead more

LastPass Hack Due to Unpatched Software

By Mark Faithfull | Articles, Information Assurance | 8 March, 2023 | 0

LastPass suffered two large-scale and public data breaches last year, the first in August to steal source code, and the second in November where partially encrypted password vault data and customer information was stolen. Information from the first breach was used to carry out the second attack, and a keylogger was installed on a seniorRead more

Android Update Fixes Critical Vulnerabilities

By Mark Faithfull | News, Vulnerabilities | 8 March, 2023 | 0

A new security update has been released for Android devices, patching a total of 60 vulnerabilities across two security patch levels, including 4 critical severity flaws. The March Android Security Bulletin lists each vulnerability, it’s type, and the severity, however detailed information about each flaw has not yet been released to allow users to applyRead more

12

Recent Posts

  • WinRAR Remote Code Execution Flaw Patched
  • Stack-Based Buffer Overflows in Ivanti Avalanche
  • Microsoft Teams Used in Social Engineering Attacks
  • LinkedIn Accounts Hijacked By Cyber Criminals
  • Malware Attacks Target Zyxel End-Of-Life Routers

Recent Comments

    Archives

    • August 2023
    • July 2023
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • October 2022
    • September 2022
    • August 2022
    • July 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • April 2020
    • March 2020
    • February 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • July 2018
    • June 2018
    • April 2018
    • January 2018
    • October 2017
    information. secured.
    • Home
    • Our Services
      • Infrastructure Testing
        • Internal Network Penetration Test
        • External Network Penetration Test
        • Wireless Network Penetration Test
        • Vulnerability Assessment
        • Network Segregation Test
        • Voice over IP (VoIP) Penetration Test
      • Application Testing
        • Web Application Penetration Test
        • Mobile Application Penetration Test
        • Desktop Application Security Assessment
        • Citrix Breakout Test
      • Configuration Review
        • Windows Server Build Review
        • Linux Server Build Review
        • Citrix Configuration Review
      • Information Assurance
        • ISO 27001 Gap Analysis
      • Cyber Essentials
    • News
    • Articles
    • About
      • About SecureTeam
      • STORM Appliances
        • Installing a STORM Device
        • Returning a STORM Device
      • White-Label Consultancy
      • Jobs
      • Cookie Policy
      • Quality Policy
      • Security Policy
      • Privacy Notice
      • Website Terms & Conditions
    • Contact Us
    SecureTeam