Apple has released iOS 15.3 and Monterey 12.2 which resolve a bundle of security vulnerabilities including a pair of Zero-day exploits iOS patches iOS 15.3 and iPadOS 15.3 (released on 26th January 2022) contain fixes for a total of 10 security vulnerabilities including CVE-2022-22587. Apple advises that they are ‘aware of a report that this issue […]
Apple patches Zero day iPhone and Mac exploits Read More »
A 12 year old bug has been discovered in the Linux pkexec utility which allows any unprivileged user to gain full root privileges on a vulnerable host. The new report from security researchers at Qualys explains how the vulnerability can be exploited. In summary the vulnerability, dubbed PwnKit, allows any unprivileged user to gain full
PwnKit Vulnerability affects every major Linux distro Read More »
Starting in March 2022, Google Chrome will start supporting the new Private Network Access standard which will help protect local network devices from malicious internet traffic. Private Network Access, or PNA, will prevent malicious websites from using the victim’s browser as a proxy to relay cross-site request forgery attempts to devices on the user’s local
Chrome leads the way with security changes Read More »
Millions of routers are affected by a high severity flaw in the NetUSB module which is used by many vendors including NETGEAR, TP-Link, and Dlink. NetUSB is developed by Kcodes and is licensed to many device manufacturers. It enables remote network devices to connect to USB peripherals which are plugged into the router – typically
NetUSB RCE Flaw in Millions of End User Routers Read More »
The New Year gets off to a busy start for Microsoft with the first security patch updates resolving over 100 vulnerabilities including six zero-days and one critical flaw identified as wormable. A wormable vulnerability can be exploited with no human intervention allowing malware to move from one computer to another across your network. This flaw
Microsoft January Patch Tuesday Read More »
December saw a rise in Google Docs being used to send malicious emails as threat actors abused the comments feature to send messages which are hard to differentiate from legitimate messages from colleagues. According to a new report from security firm Avanan, the comments feature of Google Docs and Google Sheets can be abused to
Google Docs phishing emails hard to spot Read More »
Customers of Microsoft Exchange Servers and some Honda motor vehicles experienced unusual errors with the turn of the year as software failed to handle the year 2022 when the date rolled over. Microsoft Exchange Server bug The FIP-FS anti-spam and anti-malware service has been enabled by default on all Exchange Servers since Exchange 2013 was
Y2K22 Bugs hit Microsoft and Honda Read More »
According to research from Google’s Open Source Insights Team, the Apache Log4j vulnerabilities affect 4% of the projects in the Java ecosystem – over 17,000 packages in the Mavern Central repository alone. Log4j is a popular library that provides logging services to many thousands of Java based applications. Earlier this month security teams and system
What Log4j teaches us about supply chain risks Read More »
Proof of Concept code has been published showing how to exploit two vulnerabilities that would allow an attacker to obtain domain admin privilege on your Windows Domain Controllers. In the November security patch bundle, Microsoft released patches to resolve two vulnerabilities ( CVE-2021-42287 and CVE-2021-42278 ) in the Windows Active Directory Domain Services. On December 12th a proof
Install patches to protect Domain Controllers warns Microsoft Read More »
This week Microsoft released their last monthly security patch bundle for the year, fixing six zero-day vulnerabilities – and many other companies released security updates as well. Microsoft Updates for December This month Microsoft’s security bundle includes fixes for 67 vulnerabilities with six of them classified as zero-day – which means in Microsoft’s terms: that
December Patch Tuesday updates Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.