Ian Reynolds, Author at SecureTeam

Fortinet Critical Authentication Bypass Vulnerability

A communication has been sent by Fortinet to their customers confirming a critical severity vulnerability in FortiOS and FortiProxy. The global cyber security company have warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest available versions to address this vulnerability. Although a full security advisory has not been released yet for […]

Fortinet Critical Authentication Bypass Vulnerability Read More »

Issues with Windows 11 22H2 Update Addressed

News / Ian Reynolds

The recent Windows 11 2022 Update has been experiencing issues and failing to finish installing due to provisioning issues, leaving some partially configured endpoints vulnerable. Also known as version 22H2, this update immediately impacted some users by causing Remote Desktop clients to not connect, randomly disconnect, or freeze unexpectedly. Since then, Microsoft have released issue

Issues with Windows 11 22H2 Update Addressed Read More »

Microsoft Exchange Server Vulnerabilities Exploited

News, Vulnerabilities / Ian Reynolds

Two high severity zero-day vulnerabilities for the Microsoft Exchange Server have been found to be exploited in the wild. An elevation of privilege vulnerability, and a remote code execution vulnerability have been used by attackers to gain access into victim’s systems. The Cybersecurity and Infrastructure Security Agency (CISA) recently added these two flaws to their

Microsoft Exchange Server Vulnerabilities Exploited Read More »

The Current and Future Trends in Cyber Crime

Articles, Information Assurance / Ian Reynolds

The release of the 2022 Falcon OverWatch Threat Hunting Report from CrowdStrike has revealed the recent trends in cyber crime from July 2021 to June 2022. According to the report, the number of cyber crime campaigns has increased by 50% with financial crime accounting for 43% of all attacks. According to CrowdStrike’s analysis cyber crime

The Current and Future Trends in Cyber Crime Read More »

RCE Vulnerability in Password Manager Pro

News, Vulnerabilities / Ian Reynolds

A Zoho ManageEngine vulnerability has been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerabilities catalog last week. This remote code execution (RCE) vulnerability affects Password Manager Pro versions 12100 and below, Access Manager Plus versions 4302 and below, and PAM360 versions 5500 and below. Proof of concept (POC) code for an

RCE Vulnerability in Password Manager Pro Read More »

Erbium Stealer Malware Sold As A Service

News, Vulnerabilities / Ian Reynolds

A new information stealing malware is being distributed as malware-as-a-service (MaaS) by threat actors under the guise of fake cheats for popular video games. The malware known as Erbium is designed to harvest the credentials from the victims, stealing passwords and other login information for a range of accounts, including cryptocurrency wallets. Threat researchers CYFIRMA

Erbium Stealer Malware Sold As A Service Read More »

Adobe Magento Vulnerability Exploited in Attacks

News, Vulnerabilities / Ian Reynolds

Adobe Commerce and Magento Open Source have been targeted in a recent wave of attacks that exploit a critical vulnerability. Threat researchers at Sansec released a report this week that details the methodology of this remote access trojan attack. The vulnerability exploited in these attacks, CVE-2022-24086, was found to be actively exploited as early as

Adobe Magento Vulnerability Exploited in Attacks Read More »

Uber Breached in Targeted Attack

News, Vulnerabilities / Ian Reynolds

The credentials of an Uber contractor were stolen and used to access multiple accounts and company files in a targeted attack. Uber released an initial security update statement that they were dealing with a cybersecurity incident when this breach was first identified and have since updated this post to give details about the attack and

Uber Breached in Targeted Attack Read More »

Microsoft Patch Critical and Zero-Day Flaws

News, Vulnerabilities / Ian Reynolds

The latest Patch Tuesday from Microsoft included security updates released to patch a total of 63 vulnerabilities. This includes 5 vulnerabilities that have been given a ‘critical’ severity rating, due to the possibility of an exploit of these flaws resulting in remote code execution (RCE) on the target device. Two of these are zero-day flaws,

Microsoft Patch Critical and Zero-Day Flaws Read More »

Microsoft Teams Reverse Shell Attack Using GIFs

News, Vulnerabilities / Ian Reynolds

A number of vulnerabilities have been exploited in Microsoft Teams by attackers through the use of GIFs. The attack technique has been named ‘GIFShell’, and allows the attackers to send malicious files, execute commands, and exfiltrate data from their victims. Affected versions of Microsoft Teams include version 1.5.00.11163 and earlier, where the exploited insecure design

Microsoft Teams Reverse Shell Attack Using GIFs Read More »

Author name: Ian Reynolds

Fortinet Critical Authentication Bypass Vulnerability

Issues with Windows 11 22H2 Update Addressed

Microsoft Exchange Server Vulnerabilities Exploited

The Current and Future Trends in Cyber Crime

RCE Vulnerability in Password Manager Pro

Erbium Stealer Malware Sold As A Service

Adobe Magento Vulnerability Exploited in Attacks

Uber Breached in Targeted Attack

Microsoft Patch Critical and Zero-Day Flaws

Microsoft Teams Reverse Shell Attack Using GIFs

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch