The Glupteba botnet targets Windows computers to steal passwords or commit fraud through the infected computer and is thought to include about a million compromised devices. It is growing at a rate of thousands of new systems every day. According to Google: Glupteba is notorious for stealing users’ credentials and data, mining cryptocurrencies on infected […]
Google tackles Glupteba botnet Read More »
Mozilla has published a security advisory warning of a critical security vulnerability in the Network Security Services libraries which are widely used by open-source software. While the bug does not impact Mozilla Firefox, it is thought to affect many other email clients and PDF viewers that use the electronic signature verification features of the Network
Mozilla warns of digital signature vulnerability Read More »
A new report from HP’s Threat Research Blog provides details of an evasive Javascript loader that gets passed security tools 89% of the time. Remote Access Trojans (RATs) are a class of malware that is designed to gain persistent access to the target computer system, and by leveraging elevation of privilege vulnerabilities gain administrator rights
How to defend against the RATdispenser Read More »
The UK Government has introduced new legislation which will improve the security of smartphones, IoT devices and connected appliances. The Product Security and Telecommunications Infrastructure (PSTI) Bill will require the manufacturers, importers and distributors of consumer connectable products to comply with cyber security good practices. According to the Government the regulations that flow from the new
New law to make IoT devices more secure Read More »
A new research paper looks at the security risks posed by the printers found in most offices and homes – and coins the term PrintJack to mean the hijacking of a printer by a threat actor. The research paper outlines three types of attack that could leverage a compromised printer. The standard TCP/IP port used
What is a PrintJack attack? Read More »
This week there have been several exploits published that target recently published (and patched) vulnerabilities in Microsoft Exchange Server and Windows 10/11 systems. Coming just a week after Microsoft published patches for these vulnerabilities, already proof of concept code has been made available on GitHub and threat actors have started targeting the exploits hoping to
Attackers rapidly target Microsoft vulnerabilities Read More »
Blacksmith is a new kind of Rowhammer attack that has been proved to successfully bypass existing Rowhammer protections in modern DDR4 memory chips – allowing researchers to extract security secrets and change memory contents on victim computers. What is Rowhammer? Modern computer memory chips are physically very dense – with billions of memory cells (each
Blacksmith brings down the Rowhammer Read More »
Palo Alto Networks has released a critical patch for their firewalls with GlobalProtect Portal or Gateway interfaces. With a critical severity rating of 9.8, this memory corruption vulnerability could allow an attacker to execute remote code on the firewall with root privileges. According to the security advisory published by Palo Alto Networks: This issue is
Palo Alto Networks patches VPN/Firewalls Read More »
The US Government has published a list of security vulnerabilities that must be patched on all government systems within the next 2 weeks. Developed by the Cybersecurity and Infrastructure Security Agency (CISA) – the binding operational directive provides a list of vulnerabilities that are being exploited to attack government systems. Under the terms of the
US Government publishes critical vulnerabilities list Read More »
November’s security updates bring a bundle of important fixes for vulnerabilities in Windows and Android devices Microsoft Patch Tuesday Updates Microsoft’s security update this month fixes 55 security flaws with 6 of them called out as zero-day vulnerabilities. Microsoft classifies a zero-day as a vulnerability that is either under active attack in the wild or
November Security Updates Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.