The October security patch updates include fixes for critical flaws and zero-day vulnerabilities from Microsoft, Apple and Apache. Microsoft October Updates October’s security patch bundle from Microsoft includes fixes for four zero-day vulnerabilities, at least one of which is actively being exploited in the wild. Overall Microsoft fixes 70 vulnerabilities include the first inclusion of […]
October Security Updates Read More »
According to a new research paper, it is possible to trick a locked iPhone into authorising a contactless payment for a Visa card of any amount, if the Visa card is enabled for Express Transit (which can be on by default in the UK) Express Transit is a feature used by automated ticket gates on
ApplePay and Visa vulnerable to wireless skimming says research Read More »
A sophisticated Android based malware ring has stolen hundreds of millions of pounds from 10 million victims according to a new report. This Grifthorse trojan malware was used in over 200 Android apps available in the Google Play store. Details of the malware campaign are explained in a report from Zimperium Labs. According to the
Android Trojan hits 10 million victims Read More »
A flaw in the design of the Autodiscover protocol used to set-up email clients with Exchange Server can cause domain credentials to be sent in the clear to a server controlled by an attacker. The Microsoft Autodiscover protocol makes it easier for end users to configure their email client to connect to an Exchange Server
Microsoft Autodiscover protocol leaks domain credentials Read More »
The September update for Microsoft Exchange includes a new security feature for on-premises servers – they can now automatically mitigate new vulnerabilities just like the cloud versions used by Office 365. The last 12 months have not been fun for Exchange administrators with a series of high-profile vulnerabilities affecting on-premise Exchange servers resulting in the
Exchange can now automatically mitigate new vulnerabilities Read More »
VMware has issued a critical security advisory for customers using vCenter Server 6.5,6.7 and 7.0 – warning customers that they need to do something about it ‘right now.’ The problem (CVE-2021-22005) is a Remote Code Execution vulnerability with a CVSS score of 9.8. A malicious user with access to network port 443 is able to
VMware issues critical security advisory Read More »
Russian Internet firm Yandex has been fighting a DDoS attack all summer, which has reached a peak attack rate of 21.8 million requests per second, powered by a quarter of a million rogue routers that form the Meris botnet. According to security firm Qrator Labs which provides DDoS protection for Yandex, up to 56,000 devices
Largest Ever DDoS Exceeds 21m requests per second Read More »
The September Patch Tuesday security bundle from Microsoft fixes 60 vulnerabilities including some rated as Critical and a zero-day vulnerability under active attack affecting Microsoft Office. Microsoft Security updates for September Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444) was publicised in early September when Microsoft warned Office 365 customers about the vulnerability. The flaw was
September Patch Tuesday fixes Critical and Zero Day vulnerabilities Read More »
The 2021 Data Breach Investigations report provides insights from the analysis of over 29,000 real world cyber security incidents from 2020 helping Security Managers track the evolving behaviour and tactics of threat actors. The Verizon Data Breach Investigations report has become a regular fixture on the annual cyber security calendar over the last 14 years.
Key lessons from the 2021 Data Breach Investigations Report Read More »
Netgear has published patches for 20 of its managed smart switches to fix three vulnerabilities that can lead to the switch being taken over by an attacker potentially giving them control over your network. With names like Demons Cries, Draconian Fear and Seventh Inferno, the vulnerabilities were addressed in patches released by Netgear on 3rd
Critical patches released for Netgear Switches Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.