Threat researchers at McAfee Labs have discovered 5 malicious extensions for Google Chrome, that track the browsing activity of the user, with a total of 1.4 million users affected. The identified extensions are: Netflix Party, Netflix Party 2, Full Page Screenshot Capture – Screenshotting, FlipShope – Price Tracker Extension, and AutoBuy Flash Sales. Although these […]
Five Malicious Chrome Extensions Identified Read More »
A critical vulnerability has been identified in multiple versions of Atlassian’s Bitbucket Server and Bitbucket Data Center. A recent advisory released by Bitbucket Support explains that all versions after 6.10.17, including 7.0.0 and later, have been affected by this flaw. However, this vulnerability is not present in Atlassian Cloud sites, so users who access Bitbucket
Critical Atlassian Bitbucket Vulnerability Read More »
GitLab have published a critical security release this week to notify their users about an update that contains important security fixes. Versions 15.3.1, 15.2.3, and 15.1.5 were released for GitLab Community Edition (CE) and Enterprise Edition (EE), in order to patch a remote code execution (RCE) vulnerability. GitLab is used as a DevOps platform for
GitLab Patch Critical Remote Code Execution Flaw Read More »
A denial-of-service vulnerability was identified this month in Palo Alto Networks PAN-OS software. This week, the Cybersecurity and Infrastructure Agency (CISA), a branch of the US government, have added this vulnerability to their list of known exploited vulnerabilities. Tracked as CVE-2022-0028, this flaw affects the URL filtering policy in multiple versions of PAN-OS running on
Palo Alto Networks Exploited in DoS Attacks Read More »
Apple have released a security update this week to patch two actively exploited zero-day vulnerabilities. Both of these flaws affect Macs using the macOS Monterey operating system, iPhone 6s and later generations, and all models of the iPad Pro. Updates for the operating systems of these affected devices were released on 17th August. Users should
Apple Fix Two Exploited Zero-Day Vulnerabilities Read More »
Google have released a security update this week for the Chrome desktop app for Windows, Mac, and Linux. This update patches 11 vulnerabilities, one of which is a zero-day flaw that is known to be exploited in the wild, and another has been given a critical severity rating. This is the fifth security update for
Chrome Update Fixes Critical and Zero-Day Flaws Read More »
Microsoft’s August patch Tuesday security update included fixes for 138 vulnerabilities, 17 of which were classified as ‘Critical’ flaws. The security patches issued cover 40 different Microsoft and Windows products and features, including critical Windows system operations, and popular applications such as Microsoft Edge, Microsoft Office, and the Microsoft Exchange Server. Two zero-day vulnerabilities were
Microsoft Patches Critical Zero-Day Vulnerabilities Read More »
Google Workspace and Microsoft 365 users have been targeted in phishing attacks that have resulted in the attackers stealing credentials. The attackers exploited known flaws in Snapchat and American Express websites to trigger open redirects to specially crafted web pages, where the credential harvesting could then take place. Email security company Inky detected these attacks
Amex and Snapchat used in Open Redirect Attacks Read More »
VMware released a critical security advisory this week to warn users of security vulnerabilities that have been found in a variety of their systems. VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation products have all received security patches to deal with these vulnerabilities. VMware advise all users that it
VMware Patch Critical Authentication Bypass Flaw Read More »
A vulnerability in Atlassian’s Questions for Confluence app has been found that includes hardcoded credentials that remote attackers can exploit to access the Confluence Server or Confluence Data Center it is hosted on. The versions of Questions for Confluence with this vulnerability unpatched are 2.7.34, 2.7.35, and 3.0.2. Atlassian have released a security advisory rating
Critical Confluence Vulnerability Exploited in the Wild Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.