Google have released a security update this week for the Chrome desktop app for Windows, Mac, and Linux. This update patches 11 vulnerabilities, one of which is a zero-day flaw that is known to be exploited in the wild, and another has been given a critical severity rating. This is the fifth security update for […]
Chrome Update Fixes Critical and Zero-Day Flaws Read More »
Microsoft’s August patch Tuesday security update included fixes for 138 vulnerabilities, 17 of which were classified as ‘Critical’ flaws. The security patches issued cover 40 different Microsoft and Windows products and features, including critical Windows system operations, and popular applications such as Microsoft Edge, Microsoft Office, and the Microsoft Exchange Server. Two zero-day vulnerabilities were
Microsoft Patches Critical Zero-Day Vulnerabilities Read More »
Google Workspace and Microsoft 365 users have been targeted in phishing attacks that have resulted in the attackers stealing credentials. The attackers exploited known flaws in Snapchat and American Express websites to trigger open redirects to specially crafted web pages, where the credential harvesting could then take place. Email security company Inky detected these attacks
Amex and Snapchat used in Open Redirect Attacks Read More »
VMware released a critical security advisory this week to warn users of security vulnerabilities that have been found in a variety of their systems. VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation products have all received security patches to deal with these vulnerabilities. VMware advise all users that it
VMware Patch Critical Authentication Bypass Flaw Read More »
A vulnerability in Atlassian’s Questions for Confluence app has been found that includes hardcoded credentials that remote attackers can exploit to access the Confluence Server or Confluence Data Center it is hosted on. The versions of Questions for Confluence with this vulnerability unpatched are 2.7.34, 2.7.35, and 3.0.2. Atlassian have released a security advisory rating
Critical Confluence Vulnerability Exploited in the Wild Read More »
Microsoft have warned customers of a form of attack capable of targeting unpatched Microsoft Exchange servers. The attacks taking place in the first 5 months of this year saw threat actors using Internet Information Services (IIS) extension modules to: access their victim’s email mailboxes, execute commands remotely, harvest credentials from within the system memory, steal
Microsoft Exchange Servers Open to Backdoor Hack Read More »
An information stealing malware has had its source code released by the developer on a popular hacking forum. Cyber criminals have had free access to this malware since the start of this month, and it has already been updated three times by the developer to add new capabilities and streamline the attack. Cyble Research Labs
Source Code for Stealer Malware Released Online Read More »
A new, previously undetected, Linux malware known as ‘Lightning Framework’ can be used as a backdoor to install rootkits in infected devices via Secure Shell (SSH). A report released by Intezer this week calls this malware “Swiss Army Knife-like” due to its wide range of capabilities, and ability to use techniques to avoid detection and
New Backdoor Linux Malware ‘Lightning Framework’ Read More »
The Microsoft 365 Defender Research Team have released a security warning to macOS users about a vulnerability they have discovered in Apple’s App Sandbox. The vulnerability tracked as CVE-2022-26706 was first uncovered in October 2021, however a new Proof of Concept (PoC) has been released by Microsoft in two formats, one of which is describe
Proof of Concept Released for MacOS Vulnerability Read More »
An actively exploited Windows Client Server Runtime Subsystem (CSRSS) vulnerability was one of 84 patched in this week’s Microsoft patch Tuesday. First discovered by the Microsoft Threat intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC), CVE-2022-22047 is tracked as a ‘High’ severity vulnerability, with a CVSS rating of 7.8/10. It affects devices running Windows
Publicly Disclosed Windows Vulnerability Patched Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.