A five-year-old authentication bypass vulnerability present in TBK DVR4104 and DVR4216 TBK Vision devices is being actively exploited in attacks. TBK DVR (digital video recording) devices are sold under other brand names including Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR. The wide range of rebrands […]
Critical 2018 Vulnerability Actively Exploited in TBK Read More »
Cisco Prime Collaboration Deployment software has been found to have a zero-day vulnerability that could allow for cross-site scripting attacks to take place. The Cisco Prime Collaboration Deployment application is a server management tool which can assist in the migration of older software version clusters to new virtual machines, as well as performing fresh installs,
Cisco Zero-Day Cross-Site Scripting Vulnerability Read More »
EvilExtractor is an info stealer malware tool designed for data theft attacks on Windows operating systems. Researchers at Fortinet’s threat research group FortiGuard Labs have published an analysis of this tool detailing the attack method for this malware, and its impact on its victims. The research concluded that although there are no specific industries targeted
EvilExtractor Sold as ‘Educational Tool’ is Info Stealer Read More »
Another zero-day vulnerability has been identified in the Google Chrome desktop application, just days after the previous emergency update was released. Microsoft have determined this to be a publicly disclosed vulnerability with a verified exploit. The stable channel update for desktop version 112.0.5615.137 was released last week for Windows and Mac, with the Linux update
New Chromium OSS Zero-Day Actively Exploited Read More »
A security update has been released by VMware to patch two vulnerabilities in VMware Aria Operations for Logs products, which were previously called vRealize Log Insight. VMware vRealize Log Insight products had multiple remote code execution vulnerabilities that were addressed in January which could be exploited together in an attack chain. This new update addresses
Critical Vulnerabilities Patched by VMware Read More »
Unpatched Cisco IOS routers are being targeted by Russian state-backed threat actor APT28 to deploy ‘Jaguar Tooth’ malware by exploiting a vulnerability from 2017. The National Cyber Security Centre (NCSC) have published a malware analysis report investigating this non-persistent malware recently seen to be infecting Cisco IOS routers using firmware C5350-IS-M version 12.3(6). A joint
NCSC Warn of Jaguar Tooth Malware on Cisco Routers Read More »
The threat actor known as Vice Society, a ransomware gang known for their attacks against the education sector in the USA, has recently been found to use a custom Microsoft PowerShell (PS) script for exfiltrating data from their victims. This threat actor previously used PS scripts staged on a domain controller to perform a range
Vice Society Use Automated Data Exfiltration Read More »
An emergency security update has been released by Google for Chrome stable channel for desktop for Windows, Mac, and Linux. This is the first emergency update released so far in 2023 to patch an actively exploited zero-day vulnerability in Google Chrome’s desktop application. The updated version v112.0.5615.121 also includes other security fixes deemed necessary from
Google Chrome Emergency Update Patches Zero-Day Read More »
A total of 97 vulnerabilities were resolved in April’s patch Tuesday updates from Microsoft this week, including 7 critical severity flaws, and an actively exploited zero-day flaw with a publicly disclosed exploit. Critical severity flaw CVE-2023-28250 has a CVSS base score of 9.8 and is found in the Windows pragmatic general multicast (PGM) protocol. This
Microsoft Fixes Critical and Publicly Disclosed Flaws Read More »
Emergency security updates have been released by Apple for macOS, iOS, iPadOS, and Safari to patch two zero-day vulnerabilities, one of which has a publicly disclosed exploit. The other zero-day flaw addressed in these updates is also reported to be actively exploited in the wild. These emergency updates by Apple have been published less than
Apple Patch Zero-Day with Publicly Disclosed Exploit Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.