EvilExtractor is an info stealer malware tool designed for data theft attacks on Windows operating systems. Researchers at Fortinet’s threat research group FortiGuard Labs have published an analysis of this tool detailing the attack method for this malware, and its impact on its victims. The research concluded that although there are no specific industries targeted […]
EvilExtractor Sold as ‘Educational Tool’ is Info Stealer Read More »
Another zero-day vulnerability has been identified in the Google Chrome desktop application, just days after the previous emergency update was released. Microsoft have determined this to be a publicly disclosed vulnerability with a verified exploit. The stable channel update for desktop version 112.0.5615.137 was released last week for Windows and Mac, with the Linux update
New Chromium OSS Zero-Day Actively Exploited Read More »
A security update has been released by VMware to patch two vulnerabilities in VMware Aria Operations for Logs products, which were previously called vRealize Log Insight. VMware vRealize Log Insight products had multiple remote code execution vulnerabilities that were addressed in January which could be exploited together in an attack chain. This new update addresses
Critical Vulnerabilities Patched by VMware Read More »
Unpatched Cisco IOS routers are being targeted by Russian state-backed threat actor APT28 to deploy ‘Jaguar Tooth’ malware by exploiting a vulnerability from 2017. The National Cyber Security Centre (NCSC) have published a malware analysis report investigating this non-persistent malware recently seen to be infecting Cisco IOS routers using firmware C5350-IS-M version 12.3(6). A joint
NCSC Warn of Jaguar Tooth Malware on Cisco Routers Read More »
The threat actor known as Vice Society, a ransomware gang known for their attacks against the education sector in the USA, has recently been found to use a custom Microsoft PowerShell (PS) script for exfiltrating data from their victims. This threat actor previously used PS scripts staged on a domain controller to perform a range
Vice Society Use Automated Data Exfiltration Read More »
An emergency security update has been released by Google for Chrome stable channel for desktop for Windows, Mac, and Linux. This is the first emergency update released so far in 2023 to patch an actively exploited zero-day vulnerability in Google Chrome’s desktop application. The updated version v112.0.5615.121 also includes other security fixes deemed necessary from
Google Chrome Emergency Update Patches Zero-Day Read More »
A total of 97 vulnerabilities were resolved in April’s patch Tuesday updates from Microsoft this week, including 7 critical severity flaws, and an actively exploited zero-day flaw with a publicly disclosed exploit. Critical severity flaw CVE-2023-28250 has a CVSS base score of 9.8 and is found in the Windows pragmatic general multicast (PGM) protocol. This
Microsoft Fixes Critical and Publicly Disclosed Flaws Read More »
Emergency security updates have been released by Apple for macOS, iOS, iPadOS, and Safari to patch two zero-day vulnerabilities, one of which has a publicly disclosed exploit. The other zero-day flaw addressed in these updates is also reported to be actively exploited in the wild. These emergency updates by Apple have been published less than
Apple Patch Zero-Day with Publicly Disclosed Exploit Read More »
HP Enterprise LaserJet and HP LaserJet Managed printers that use FutureSmart version 5.6 and have enabled IPsec could be vulnerable to a disclosed, unpatched, critical severity vulnerability that HP have warned will take 90 days to remediate. A security bulletin was released by HP this week to inform customers of this vulnerability which includes an
Critical Vulnerability in HP Enterprise Printers Read More »
A high severity vulnerability in WordPress plugin Elementor Pro has been found to be actively exploited. The plugin WooCommerce must also be running on the same site in order for this exploit to take place. The payment plugin WooCommerce was force-updated in March to patch a critical vulnerability that let unauthenticated attackers gain admin access
WordPress Elementor Pro Plugin Flaw Exploited Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.