A new version of the Chrome desktop app has been released to the Chrome Stable Channel available for all platforms. Chrome version 109.0.5414.74 on Linux, 109.0.5414.74/.75 on Windows, and 109.0.5414.87 on Mac contain new Chrome 109 features, as well as security patches for 17 vulnerabilities, two of which are high severity flaws. CVE-2023-0128 is a […]
Google Chrome Update Patches 17 Vulnerabilities Read More »
The cyber security challenges faced by organisations last year can give hints towards the way cyber crime is evolving this year. Ransomware has established itself as a constant threat, and is now available on demand through ransomware-as-a-service models, phishing events have increased, with more sophisticated landing pages, and widespread flaws such as Log4j continue to
Preparing for the Cyber Security Threats of 2023 Read More »
This week was the first Microsoft Patch Tuesday of 2023, where a total of 98 different vulnerabilities have been patched, including an actively exploited zero-day flaw. This update addresses twice the number of vulnerabilities as the December 2022 Patch Tuesday, which saw fixes for 49 vulnerabilities and 2 zero-day flaws. Eleven of the vulnerabilities patched
First Microsoft Patch Tuesday of 2023 Fixes Zero-Day Read More »
A remote code execution vulnerability has been identified in the open source JSON Web Token (JWT) library in versions 8.5.1 and earlier. This was identified by Unit42 researchers at Palo Alto Networks back in July, and has been finally patched by the Auth0 engineering team just before Christmas. Unit 42 have released a blog post
Auth0 Patch RCE Vulnerability in JSON Web Token Read More »
A legitimate Windows executable is being abused by malicious actors to stealthily infect devices with malware without raising any alarms. The Windows Error Reporting tool WerFault.exe can be exploited to load malware onto a system using a DLL sideloading technique in an attack K7 Security Labs have published an analysis for last week. This legitimate
Windows Error Reporting Tool Abused to Load Malware Read More »
A high severity SQL injection vulnerability has been patched in recent updates for Zoho ManageEngine products Password Manager Pro, PAM360, and Access Manager Plus. The software provider released a security advisory for this vulnerability where they advised customers of all three affected products to upgrade to the latest versions immediately due to the severity of
High Severity Vulnerability in ManageEngine Products Read More »
A recently discovered vulnerability in Synology routers configured to run as VPN servers has been given a critical severity rating and the maximum CVSS score of 10/10. Synology is a global data management and security company specialising in network attached storage (NAS) and storage area network (SAN) devices. Synology Router Manager (SRM) is the operating
Critical Vulnerability in Synology Router VPN Servers Read More »
A zero-day vulnerability has been identified in the Cisco Discovery Protocol processing feature of Cisco IP Phone series 7800 and 8800 firmware. Although a security advisory has been released by Cisco that discloses this high severity flaw, they have not yet released an update to patch it. An update is due to be released in
Cisco IP Phone Zero-Day Vulnerability Disclosed Read More »
A security update for December has been released by Google for Android that addresses 4 critical severity vulnerabilities. An additional 16 critical flaws have been patched in a Pixel update that has been released for Google Pixel devices. These 16 additional vulnerabilities patched are elevation of privilege flaws found in Pixel firmware, and LDFW, TF-A,
Android Update Patches Critical Vulnerabilities Read More »
Endpoint detection and response (EDR) systems, and antivirus (AV) software, are used to increase the cybersecurity of a device. However, these security software solutions are now able to be exploited for their data deletion capabilities, effectively turning them into data wipers. Security researcher Or Yair at SafeBreach Labs discovered this capability alongside multiple zero-day vulnerabilities
Endpoint Detection Systems Used as Data Wipers Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.