This week both SonicWall and Cisco have released patches for critical vulnerabilities in their networking products. SonicWall zero day The SonicWall vulnerability (CVE-2021-20016) is a zero-day under active attack – in fact it was used to breach SonicWall’s own network in January according to their security advisory. The flaw affects SonicWall SMA 100 series devices […]
SonicWall and Cisco patch critical vulnerabilities Read More »
Apple has released iOS 14.4 which contains fixes for two critical security vulnerabilities which they admit may have been actively exploited in the wild. The first flaw (CVE-2021-1871, CVE-2021-1870) in iOS and iPadOS is a WebKit vulnerability which could be exploited by a malicious webpage in the Safari browser to execute arbitrary code on the
Apple patches critical iOS vulnerabilities Read More »
A serious bug in the Linux SUDO utility has been discovered that allows any user to gain root privilege on a Linux system. The flaw was discovered by security firm Qualys and they describe it in their blog post as a heap overflow vulnerability that means: any unprivileged user can gain root privileges on a
Critical SUDO vulnerability discovered Read More »
Daily GDPR breach notifications are up 20% and fines are up 39% according to a new report. Law firm DLA Piper has published their third annual GDPR Fines and Data Breech Survey which reveals the number of breaches being reported is rising along with the number and level of fines being imposed. In the post-Brexit
GDPR Fines continue to grow Read More »
Microsoft continues to roll out changes to mitigate the Zerologon vulnerability and a change due in the February Patch Tuesday could break non-Windows device’s ability to connect to the domain. The Zerologon vulnerability is a flaw in the Microsoft NetLogon protocol. Tracked as CVE-2020-1472 the vulnerability allows an unauthenticated user to change passwords on the
NetLogon Security Changes coming in February Read More »
The American CISA has warned they have detected ongoing attacks against several organisations cloud services. The alert from CISA states that: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within
CISA Warns of Pass-the-Cookie attack Read More »
Microsoft starts the year with their first patch Tuesday bundle of security fixes targeting 10 Critical vulnerabilities include a zero-day being exploited in Windows Defender. The Windows Defender vulnerability (CVE-2021-1647) is reported by Microsoft as having been detected under active exploitation in the wild – but precious little context information is provided under the firm’s
Microsoft Patches Critical Bugs Read More »
Three years after the initial warning, Adobe has officially killed off Flash software. In recent years Flash had developed a reputation for being a security risk on many systems due the high number of vulnerabilities discovered and exploited in the software. Now the software reached end-of-life on 31 December 2020 and Adobe will no longer
Flash is dead – now delete it from your system Read More »
Taiwan based Zyxel Networks has issued patches for their enterprise grade firewalls after a hard coded credential vulnerability was discovered by security researchers. The vulnerability provides attackers with root level access over SSH or the Web Administration interface allowing firewall rules to be changed to permit easy access to the network behind the firewall. Zyxel
100000 Zyxel firewalls have hardcoded backdoor exposed Read More »
A recent court case underlines the importance of good operational security procedures to manage employee and contractor exits to ensure all their access is revoked. A man has been sentenced to two years after deleting 456 virtual machines from Cisco’s infrastructure – 4 months after resigning from the firm. As a result of the malicious
When Good Employees Go Bad Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.