Google’s Project Zero has disclosed the details of a Windows 0-day vulnerability under active attack which affects all versions from Windows 7 through to Windows 10. No patch is yet available from Microsoft but one is expected in the November 2020 patch Tuesday updates. Last week we published details of a Chrome Browser 0-day vulnerability […]
Windows 0-day vulnerability disclosed Read More »
The NSA (National Security Agency) recently published a security advisory about the publicly known vulnerabilities currently being exploited by Chinese state-sponsored actors. While this security advisory is focused on the activities of state-sponsored actors, it does show the threats and vulnerabilities considered most useful for exploitation. Taking a quick look at the list could provide
The Top 10 vulnerabilities being exploited today Read More »
Last week an SQL injection vulnerability was discovered in the popular Loginizer plugin used by over a million WordPress sites. Such was the risk, WordPress took the unusual step of forcing updates into sites that use the plug-in – even those with auto-update turned off. The flaw in Loginizer can be exploited by an attacker
WordPress force updates a million sites to fix SQLi flaw Read More »
Google has issued an urgent update for Chrome which patches a zero-day vulnerability under active exploitation. The Chrome team took just one day from report of the vulnerability to issuing the patch, such is the danger posed by this flaw. The patch is included in Chrome version v86.0.4240.111 (CVE-2020-15999) – any older versions should be
Google Patches Chrome Zero-Day Vulnerability Read More »
Microsoft has patched a Remote Code Execution vulnerability in Visual Studio which could be exploited by creating a code repository – such as for a popular open source tool – and convincing a developer to clone and open it. The vulnerability (CVE-2020-17023) exists in the handling of the ‘package.json’ file and can be exploited to
Visual Studio RCE Vulnerability Patched Read More »
Sonicwall has released patches to fix a denial of service and remote code execution vulnerability in their Network Application Security appliances (virtual firewalls). The vulnerability exists in the code which handles SSL VPN access – meaning it is usually exposed to the public internet. The vulnerability was discovered by researchers at Tripwire who describe the
Sonicwall critical Firewall RCE vulnerability Read More »
A new report from Accenture details the rise of the Network Access Seller: expert hackers who secure a beachhead into corporate networks and then sell the access in well organised markets on the dark web. If you are a ransomware operator looking for a juicy corporate target, the Network Access Seller markets on the darkweb
What is a Network Access Seller? Read More »
October’s security patch bundle from Microsoft resolves 87 vulnerabilities, 12 rated as critical. One of these is a flaw in the Windows TCP/IP stack which can result in a server crash or remote code execution simply by sending a specially crafted ICMPv6 request. While it is technically challenging to achieve a remote code execution, the
October Patch Tuesday includes critical Windows TCP/IP vulnerability Read More »
Whenever a new Windows device is booted from an image, there is a period of time when the machine is live and on the network, but it is missing operating system security patches and Microsoft Defender updates. This new-born system is at its most vulnerable until the missing patches and updates have been applied. If
Microsoft Defender now updates OS image files Read More »
After 4 months beta-testing, GitHub has rolled out a new source code scanning service that will find security vulnerabilities in your home-grown software or open source tools. During the testing over 20,000 security vulnerabilities were discovered across 12,000 different projects including Remote Code Execution, SQL Injection and Cross Site-Scripting (XSS) flaws. GitHub is a Microsoft
GitHub can now find security vulnerabilities in your code Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.