A malware campaign using the Qbot (aka QakBot) banking trojan has been identified in the wild that is spread through malicious Microsoft OneNote .one attachments. This malware campaign has been referred to as ‘QakNote’ due to the trojan used and the method of using Microsoft OneNote files. It has been observed by security researchers at […]
Microsoft OneNote Attachments Malware Campaign Read More »
A broken authentication vulnerability has been identified in Jira Service Management Server and Data Center versions after 5.3.0. Atlassian Support have published a security advisory to inform users of this vulnerability, which they have rated as critical severity, with a CVSS base score of 9.4. Versions of Jira Service Management Server and Data Center affected
Jira Service Management Authentication Vulnerability Read More »
QNAP have released a security advisory this week to warn users of a critical severity vulnerability affecting operating system versions QTS 5.0.1 and QuTS hero h5.0.1. Firmware updates for the affected systems have been released, which can be downloaded for supported NAS models to patch this flaw. Users of affected systems should update their devices
Critical Code Injection Flaw on QNAP NAS Devices Read More »
Multiple vulnerabilities have been patched in a new update for VMware vRealize Log Insight last week, some of which can be chained into an attack that results in remote code execution on unpatched systems. VMware vRealize Log Insight is an administrative tool for log analysis and infrastructure management also known as VMware Aria Operations for
VMware Patch Remote Code Execution Vulnerabilities Read More »
Apple have released security updates this week for a range of their software, including MacOS, watchOS, iOS, iPadOS, and Safari. Among these new releases is iOS 12.5.7, which contains backported security patches for older iPhone models to resolve a high severity zero-day vulnerability. This flaw was patched in more recent device models in December, however
Apple Backport Zero-Day Security Patches for iOS Read More »
Two new vulnerabilities have been disclosed on end-of-life Cisco RV Series small business routers. These vulnerabilities can be exploited individually or chained into an attack that allows for remote attackers to gain root access to the operating system where they can then execute arbitrary code. The affected devices are RV016 Multi-WAN VPN Routers, RV042 Dual
Critical Authentication Bypass in Cisco Routers Read More »
Proof of concept (PoC) code has been released for three critical vulnerabilities in WordPress plugins that allow for SQL injection into the website code. The affected plugins are Paid Memberships Pro, Easy Digital Downloads, and Survey Maker, all of which have now received security updates that patch the SQL injection flaws. A security researcher at
WordPress Plugins have SQL Injection Vulnerabilities Read More »
A new version of the Chrome desktop app has been released to the Chrome Stable Channel available for all platforms. Chrome version 109.0.5414.74 on Linux, 109.0.5414.74/.75 on Windows, and 109.0.5414.87 on Mac contain new Chrome 109 features, as well as security patches for 17 vulnerabilities, two of which are high severity flaws. CVE-2023-0128 is a
Google Chrome Update Patches 17 Vulnerabilities Read More »
The cyber security challenges faced by organisations last year can give hints towards the way cyber crime is evolving this year. Ransomware has established itself as a constant threat, and is now available on demand through ransomware-as-a-service models, phishing events have increased, with more sophisticated landing pages, and widespread flaws such as Log4j continue to
Preparing for the Cyber Security Threats of 2023 Read More »
This week was the first Microsoft Patch Tuesday of 2023, where a total of 98 different vulnerabilities have been patched, including an actively exploited zero-day flaw. This update addresses twice the number of vulnerabilities as the December 2022 Patch Tuesday, which saw fixes for 49 vulnerabilities and 2 zero-day flaws. Eleven of the vulnerabilities patched
First Microsoft Patch Tuesday of 2023 Fixes Zero-Day Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.