SecureTeam

Zyxel Patch Critical Buffer Overflow Vulnerabilities

Zyxel firewall and VPN products have been found to contain two critical severity buffer overflow vulnerabilities that could be exploited by unauthenticated attackers. The affected products include ATP, USG FLEX, USG FLEX50(W) and USG20(W)-VPN, VPN, and ZyWall/USG. Zyxel have released a security advisory to inform users of these products about these vulnerabilities, and which patch […]

Zyxel Patch Critical Buffer Overflow Vulnerabilities Read More »

Critical Flaws in D-View Network Management Suite

News, Vulnerabilities / Ian Reynolds

D-View network management suite, developed by D-Link, has received a security update to patch two critical severity vulnerabilities. D-View can be used to control device configurations, monitor performance, and create network maps, as well as for other administrative network management tasks. These operations require access to devices and network components with high privileges so the

Critical Flaws in D-View Network Management Suite Read More »

Managing Supply Chain Attacks with Cyber Security

Articles, Information Assurance / Ian Reynolds

Supply chain security is an important but often overlooked step of cyber security risk management. Incidents that affect your suppliers can have as much of a damaging impact on your organisation as a direct attack would. Understanding your supply chain, and the points at which vulnerabilities can be introduced and exploited, is a key step

Managing Supply Chain Attacks with Cyber Security Read More »

Maximum Severity Flaw Patched in GitLab

News, Vulnerabilities / Ian Reynolds

A vulnerability affecting GitLab Community and Enterprise Editions, has been assigned the highest possible CVSS score of 10.0. GitLab is a web-based Git repository used for remote code management by developers and their teams, with approximately 30 million registered users. GitLab have released an emergency security update to address this critical flaw which they advise

Maximum Severity Flaw Patched in GitLab Read More »

Actively Exploited Flaws Patched in Apple Devices

News, Vulnerabilities / Ian Reynolds

The latest software updates released by Apple for macOS, iOS, iPadOS, Safari, tvOS, and watchOS contain patches for three zero-day vulnerabilities that are known to be actively exploited in attacks. These vulnerabilities exist within the WebKit browser engine used by Safari, and other macOS and iOS applications. Currently the CVE information about these vulnerabilities is

Actively Exploited Flaws Patched in Apple Devices Read More »

Windows Security Feature Bypass Vulnerability

News, Vulnerabilities / Ian Reynolds

Attackers are targeting a pair of Windows bugs that can be exploited simply by sending a malicious email to the victim, allowing the attacker to steal the users Windows credentials. A vulnerability in the MSHTML / EdgeHTML component used in Microsoft products such as Internet Explorer (now retired), WebBrowser control, Microsoft Edge, and other legacy applications

Windows Security Feature Bypass Vulnerability Read More »

WordPress Plugin Flaw has Public Exploit Code

News, Vulnerabilities / Ian Reynolds

A vulnerability in the WordPress plugin Advanced Custom Fields and Advanced Custom Fields Pro is being actively exploited by attackers after proof of concept (PoC) code for the exploit was released. The Advanced Customs Fields plugin has been installed on over 2M WordPress sites worldwide however only 31.5% of users have installed update version 6.1

WordPress Plugin Flaw has Public Exploit Code Read More »

New Botnet Campaign uses Critical Ruckus Flaw

Articles, Information Assurance / Ian Reynolds

Researchers at Fortinet have identified a new botnet campaign that utilises a Ruckus remote code execution (RCE) vulnerability to install malware and perform distributed denial of service (DDoS) attacks. This botnet is known as AndoryuBot due to the filename ‘Andoryu’ being used for the malware installed in this attack. It was first seen in attacks

New Botnet Campaign uses Critical Ruckus Flaw Read More »

Linux Kernel Vulnerability Allows Elevation to Root

News, Vulnerabilities / Ian Reynolds

A vulnerability has been identified in NetFilter, a packet filtering and NAT (Network Address Translation) framework within the Linux kernel. This vulnerability can allow local users to escalate privileges to gain root level access, resulting in complete control over the vulnerable system. Multiple Linux kernel releases are affected by this flaw, including the most recent

Linux Kernel Vulnerability Allows Elevation to Root Read More »

Android Update Patches Exploited Kernel Flaw

News, Vulnerabilities / Ian Reynolds

An Android security bulletin has been released detailing the vulnerabilities patched in the May 2023 updates for patch levels 2023-05-01 and 2023-05-05. Included in this update is a fix for a high severity flaw first identified in January, found in the Linux Kernel of affected devices. This vulnerability is known to have been exploited as

Android Update Patches Exploited Kernel Flaw Read More »

May 2023

Zyxel Patch Critical Buffer Overflow Vulnerabilities

Critical Flaws in D-View Network Management Suite

Managing Supply Chain Attacks with Cyber Security

Maximum Severity Flaw Patched in GitLab

Actively Exploited Flaws Patched in Apple Devices

Windows Security Feature Bypass Vulnerability

WordPress Plugin Flaw has Public Exploit Code

New Botnet Campaign uses Critical Ruckus Flaw

Linux Kernel Vulnerability Allows Elevation to Root

Android Update Patches Exploited Kernel Flaw

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch