Starting in March 2022, Google Chrome will start supporting the new Private Network Access standard which will help protect local network devices from malicious internet traffic. Private Network Access, or PNA, will prevent malicious websites from using the victim’s browser as a proxy to relay cross-site request forgery attempts to devices on the user’s local […]
Chrome leads the way with security changes Read More »
Millions of routers are affected by a high severity flaw in the NetUSB module which is used by many vendors including NETGEAR, TP-Link, and Dlink. NetUSB is developed by Kcodes and is licensed to many device manufacturers. It enables remote network devices to connect to USB peripherals which are plugged into the router – typically
NetUSB RCE Flaw in Millions of End User Routers Read More »
The New Year gets off to a busy start for Microsoft with the first security patch updates resolving over 100 vulnerabilities including six zero-days and one critical flaw identified as wormable. A wormable vulnerability can be exploited with no human intervention allowing malware to move from one computer to another across your network. This flaw
Microsoft January Patch Tuesday Read More »
December saw a rise in Google Docs being used to send malicious emails as threat actors abused the comments feature to send messages which are hard to differentiate from legitimate messages from colleagues. According to a new report from security firm Avanan, the comments feature of Google Docs and Google Sheets can be abused to
Google Docs phishing emails hard to spot Read More »
Customers of Microsoft Exchange Servers and some Honda motor vehicles experienced unusual errors with the turn of the year as software failed to handle the year 2022 when the date rolled over. Microsoft Exchange Server bug The FIP-FS anti-spam and anti-malware service has been enabled by default on all Exchange Servers since Exchange 2013 was
Y2K22 Bugs hit Microsoft and Honda Read More »
According to research from Google’s Open Source Insights Team, the Apache Log4j vulnerabilities affect 4% of the projects in the Java ecosystem – over 17,000 packages in the Mavern Central repository alone. Log4j is a popular library that provides logging services to many thousands of Java based applications. Earlier this month security teams and system
What Log4j teaches us about supply chain risks Read More »
Proof of Concept code has been published showing how to exploit two vulnerabilities that would allow an attacker to obtain domain admin privilege on your Windows Domain Controllers. In the November security patch bundle, Microsoft released patches to resolve two vulnerabilities ( CVE-2021-42287 and CVE-2021-42278 ) in the Windows Active Directory Domain Services. On December 12th a proof
Install patches to protect Domain Controllers warns Microsoft Read More »
This week Microsoft released their last monthly security patch bundle for the year, fixing six zero-day vulnerabilities – and many other companies released security updates as well. Microsoft Updates for December This month Microsoft’s security bundle includes fixes for 67 vulnerabilities with six of them classified as zero-day – which means in Microsoft’s terms: that
December Patch Tuesday updates Read More »
The Glupteba botnet targets Windows computers to steal passwords or commit fraud through the infected computer and is thought to include about a million compromised devices. It is growing at a rate of thousands of new systems every day. According to Google: Glupteba is notorious for stealing users’ credentials and data, mining cryptocurrencies on infected
Google tackles Glupteba botnet Read More »
Mozilla has published a security advisory warning of a critical security vulnerability in the Network Security Services libraries which are widely used by open-source software. While the bug does not impact Mozilla Firefox, it is thought to affect many other email clients and PDF viewers that use the electronic signature verification features of the Network
Mozilla warns of digital signature vulnerability Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.