The threat actor tracked by Microsoft as Storm-0558 has been able to utilise a stolen consumer signing key to access accounts and emails in Exchange Online through Outlook Web Access (OWA), and on Outlook.com. This threat actor is thought to be based in China and has a history of targeting Western European and U.S.-based companies […]
Microsoft Key Used for Unauthorised Email Access Read More »
An actively exploited vulnerability has been patched in that latest updates for Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. This zero-day flaw affects all supported versions of this mobile device management software, as well as some older release versions before EPMM 11.8.1.0 that are no longer managed by the developers. Ivanti have
Ivanti Patch Actively Exploited EPMM Zero-Day Flaw Read More »
A peer-to-peer (P2P) worm known as P2PInfect has been discovered by security researchers at Unit42 to be actively targeting Windows and Linux based Redis servers. Redis is an open-source database application used in cloud environments. This Rust-based worm targets publicly communicating internet-exposed cloud-based servers by exploiting a flaw that is over a year old. There
Unpatched Redis Servers Targeted by P2P Malware Read More »
A critical severity Citrix ADC and Citrix Gateway remote code execution (RCE) flaw has been confirmed to be exploited in the wild. Now known as NetScaler ADC and NetScaler Gateway, both end of life and supported versions of these products are vulnerable to this flaw, and two other vulnerabilities, addressed in the latest security update
Citrix ADC and Gateway RCE Vulnerability Exploited Read More »
Adobe ColdFusion vulnerabilities are being actively exploited by attackers to bypass authentication and execute remote commands to create a webshell on the vulnerable endpoint. ColdFusion is an Adobe product for web developers providing cloud based coding environments to build apps. Researchers at Rapid7 discovered an improper access control vulnerability in Adobe ColdFusion 2018, 2021, and
Adobe ColdFusion Attack Chain Actively Exploited Read More »
A list of the top 25 most dangerous common weakness enumeration (CWE) software weaknesses for 2023 has been compiled by MITRE to inform people of the “most common and impactful” vulnerabilities and weaknesses affecting software over the past two years. This list was created using CVE data from the National Institute of Standards and Technology
MITRE’s Top 25 Most Dangerous CWEs for 2023 Read More »
Open-source social network Mastodon has needed to address one high severity and two critical severity vulnerabilities affecting their platform and servers, as well as one moderate severity flaw. Security advisories released by Mastodon explain that these vulnerabilities were discovered by auditors at Cure53 during a code review they were completing on behalf of Mozilla. The
Mastodon Patch High and Critical Vulnerabilities Read More »
The new Android security update for this month has fixed a total of 46 vulnerabilities, three of which are thought to be actively exploited in what Android describe as “limited, targeted” attacks. Two security patch levels have been released, 2023-07-01, which addresses all issues within this security patch level for the system and framework as
Android July Update Patches Actively Exploited Flaws Read More »
Statistics released by GOV.UK suggest that the number of small to medium-sized enterprises (SMEs) in the UK has increased by 2 million over the last two decades. There are now an estimated 5.5 million SMEs operating across the country. Mobile apps are essential for the success of SMEs. Financial-related apps, such as Paypal, QuickBooks,
The Most Invasive Apps for SMEs Read More »
A critical zero-day vulnerability has been exploited in the WordPress plugin Ultimate Member that allows attackers to escalate their privileges and gain full control over the website. Ultimate Member is a WordPress plugin that enables users to sign-up, and for the WordPress website to handle memberships and profiles. It currently has over 200,000+ active installations,
Zero-Day Vulnerability Exploited in WordPress Plugin Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.