Internet-facing Linux-based systems and Internet of Things (IoT) devices are being targeted in a recent attack that uses a patched version of OpenSSH to take over the devices and install cryptomining malware. Cryptomining involves the solving of complex mathematical problems to verify the payments carried out in cryptocurrency transactions, and creating new cryptocurrency tokens […]
OpenSSH Cryptomining Attacks on Linux and IoTs Read More »
Three actively exploited vulnerabilities have recently been patched by Apple, two of which have been used to deploy Triangulation spyware onto iOS devices. Russian security firm Kaspersky published a report investigating the use of these vulnerabilities in what they have termed ‘Operation Triangulation’ which involves the implant of TriangleDB (Kaspersky’s term) on vulnerable iOS devices.
Apple Fix Exploited Flaws Used to Deploy Spyware Read More »
Open-source data analytics and visualisations organisation Grafana have released a new security update for their app that patches a critical severity authorisation bypass flaw. This vulnerability affects Grafana accounts that use Azure Active Directory (AD) for account authentication. The new releases include Grafana versions 10.0.1, 9.5.5, 9.4.13, 9.3.16, 9.2.20, and 8.5.27. Other security fixes are
Grafana Fix Azure AD Authentication Bypass Flaw Read More »
Zyxel Network Attached Storage (NAS) devices have received a security update to patch a critical severity command injection vulnerability. Devices affected by this flaw include NAS326 models running firmware version V5.21(AAZF.13)C0 or prior, NAS540 models running firmware version V5.21(AATB.10)C0 or prior, and NAS542 models running firmware version V5.21(ABAG.10)C0 or prior. In their security advisory, Zyxel
Critical Vulnerability Patched in Zyxel NAS Devices Read More »
The new ASUS router firmware update contains security patches for nine vulnerabilities amongst other important security fixes. Six of these vulnerabilities are high severity flaws, while another two, from 2018 and 2022, are rated as critical, with CVSS base scores of 9.8. Four of the high severity flaws were also legacy fixes from 2022, while
ASUS Patch Critical Flaws from 2022 and 2018 Read More »
MOVEit Transfer and MOVEit Cloud customers experienced data theft attacks through the exploit of critical vulnerabilities beginning at the end of last month. High profile organisations across the UK and USA suffered massive data breaches as a result. Ongoing investigation into these attacks have resulted in three vulnerabilities being identified and patched by Progress
Critical Flaws Exploited in MOVEit Transfer Data Theft Read More »
A critical remote code execution vulnerability has been patched in the latest Fortigate firmware updates for Fortinet FortiOS, FortiOS-6K7K, and FortiProxy SSL VPN devices. These updates were pushed out last week, however specific details about the critical vulnerability patched was not made available until Monday, when Fortinet published a security advisory detailing fixed versions, and
Critical RCE Fortinet Flaw May Have Been Exploited Read More »
A high severity vulnerability exists within the Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows. This elevation of privileges flaw could enable an attacker to have SYSTEM level privileges to carry out further attacks on vulnerable systems. The Cisco Secure Client and Cisco AnyConnect Secure Mobility Client products
High Severity Cisco Elevation of Privileges Flaw Read More »
The Android Security Update for June has been released containing patches for 56 vulnerabilities, 5 of which have been assigned a critical severity rating, and one which is known to be actively exploited. The critical severity flaws patched this month include three remote code execution flaws, CVE-2023-21108 and CVE-2023-21130 are found in the Android System,
Android Update Fixes Critical and Exploited Flaws Read More »
A zero-day vulnerability in Google Chrome that has been exploited in the wild has been fixed through the most recent Stable Channel Update for Desktop. A security bulletin released by Google this week confirms that an exploit for this bug exists, however, detailed exploit and vulnerability information has still not been released by Google in
Google Fix Chrome Bug Exploited in the Wild Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.