A new security update released by Apple yesterday patches 20 different vulnerabilities on iPhone and iPad OS. Users can now update to iOS 16.1 and iPadOS 16 to apply these security patches and protect their devices. 14 of the vulnerabilities addressed in this update allow the execution of arbitrary code, 9 of which can execute […]
Apple Patch Actively Exploited Zero-Day Flaw Read More »
A range of malicious adware apps have been found on the Google Play store by security researchers at McAfee. It is estimated that 20 million installations across 16 different apps occurred before they were identified and subsequently removed from Google Play. These apps contained clicker malware, which runs in the background without the user’s knowledge.
16 Malicious Android Apps on Google Play Store Read More »
A remote code execution vulnerability has been found in the Apache Commons Text library, an open-source Java library used by developers. The vulnerability tracked as CVE-2022-42889 has been given a CVSS base score of 9.8, and a critical severity rating. A GitHub threat analyst discovered this flaw back in March and reported it to Apache.
Apache Commons Remote Code Vulnerability Read More »
An actively exploited zero-day flaw that prevents Windows from properly identifying potentially malicious documents by flagging them as downloaded from the web has been given an unofficial patch. The security issue was first brought to Microsoft’s attention by a security researcher 3 month ago, however no official update to correct this has been released. Security
Windows Zero-Day Flaw Gets Free Unofficial Patch Read More »
A fake Phantom security update scam has been sent in the form of phishing NFTs to Solana cryptocurrency owners. The NFTs were airdropped into the cryptowallets of users, claiming to be from the developers of Phantom with names such as ‘PHANTOMUPDATE.COM’ or ‘UPDATEPHANTOM.COM’, and descriptions that gave instructions on how to apply this fake update.
Fake Phantom Security Update Malware Scam Read More »
A communication has been sent by Fortinet to their customers confirming a critical severity vulnerability in FortiOS and FortiProxy. The global cyber security company have warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest available versions to address this vulnerability. Although a full security advisory has not been released yet for
Fortinet Critical Authentication Bypass Vulnerability Read More »
The recent Windows 11 2022 Update has been experiencing issues and failing to finish installing due to provisioning issues, leaving some partially configured endpoints vulnerable. Also known as version 22H2, this update immediately impacted some users by causing Remote Desktop clients to not connect, randomly disconnect, or freeze unexpectedly. Since then, Microsoft have released issue
Issues with Windows 11 22H2 Update Addressed Read More »
Two high severity zero-day vulnerabilities for the Microsoft Exchange Server have been found to be exploited in the wild. An elevation of privilege vulnerability, and a remote code execution vulnerability have been used by attackers to gain access into victim’s systems. The Cybersecurity and Infrastructure Security Agency (CISA) recently added these two flaws to their
Microsoft Exchange Server Vulnerabilities Exploited Read More »
A Zoho ManageEngine vulnerability has been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerabilities catalog last week. This remote code execution (RCE) vulnerability affects Password Manager Pro versions 12100 and below, Access Manager Plus versions 4302 and below, and PAM360 versions 5500 and below. Proof of concept (POC) code for an
RCE Vulnerability in Password Manager Pro Read More »
A new information stealing malware is being distributed as malware-as-a-service (MaaS) by threat actors under the guise of fake cheats for popular video games. The malware known as Erbium is designed to harvest the credentials from the victims, stealing passwords and other login information for a range of accounts, including cryptocurrency wallets. Threat researchers CYFIRMA
Erbium Stealer Malware Sold As A Service Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.