News Archives

Grafana Fix Azure AD Authentication Bypass Flaw

Open-source data analytics and visualisations organisation Grafana have released a new security update for their app that patches a critical severity authorisation bypass flaw. This vulnerability affects Grafana accounts that use Azure Active Directory (AD) for account authentication. The new releases include Grafana versions 10.0.1, 9.5.5, 9.4.13, 9.3.16, 9.2.20, and 8.5.27. Other security fixes are […]

Grafana Fix Azure AD Authentication Bypass Flaw Read More »

Critical Vulnerability Patched in Zyxel NAS Devices

News, Vulnerabilities / secureteampstg

Zyxel Network Attached Storage (NAS) devices have received a security update to patch a critical severity command injection vulnerability. Devices affected by this flaw include NAS326 models running firmware version V5.21(AAZF.13)C0 or prior, NAS540 models running firmware version V5.21(AATB.10)C0 or prior, and NAS542 models running firmware version V5.21(ABAG.10)C0 or prior. In their security advisory, Zyxel

Critical Vulnerability Patched in Zyxel NAS Devices Read More »

ASUS Patch Critical Flaws from 2022 and 2018

News, Vulnerabilities / secureteampstg

The new ASUS router firmware update contains security patches for nine vulnerabilities amongst other important security fixes. Six of these vulnerabilities are high severity flaws, while another two, from 2018 and 2022, are rated as critical, with CVSS base scores of 9.8. Four of the high severity flaws were also legacy fixes from 2022, while

ASUS Patch Critical Flaws from 2022 and 2018 Read More »

Critical Flaws Exploited in MOVEit Transfer Data Theft

Information Assurance, News / secureteampstg

MOVEit Transfer and MOVEit Cloud customers experienced data theft attacks through the exploit of critical vulnerabilities beginning at the end of last month. High profile organisations across the UK and USA suffered massive data breaches as a result. Ongoing investigation into these attacks have resulted in three vulnerabilities being identified and patched by Progress

Critical Flaws Exploited in MOVEit Transfer Data Theft Read More »

Critical RCE Fortinet Flaw May Have Been Exploited

News, Vulnerabilities / secureteampstg

A critical remote code execution vulnerability has been patched in the latest Fortigate firmware updates for Fortinet FortiOS, FortiOS-6K7K, and FortiProxy SSL VPN devices. These updates were pushed out last week, however specific details about the critical vulnerability patched was not made available until Monday, when Fortinet published a security advisory detailing fixed versions, and

Critical RCE Fortinet Flaw May Have Been Exploited Read More »

High Severity Cisco Elevation of Privileges Flaw

News, Vulnerabilities / secureteampstg

A high severity vulnerability exists within the Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows. This elevation of privileges flaw could enable an attacker to have SYSTEM level privileges to carry out further attacks on vulnerable systems. The Cisco Secure Client and Cisco AnyConnect Secure Mobility Client products

High Severity Cisco Elevation of Privileges Flaw Read More »

Android Update Fixes Critical and Exploited Flaws

News, Vulnerabilities / secureteampstg

The Android Security Update for June has been released containing patches for 56 vulnerabilities, 5 of which have been assigned a critical severity rating, and one which is known to be actively exploited. The critical severity flaws patched this month include three remote code execution flaws, CVE-2023-21108 and CVE-2023-21130 are found in the Android System,

Android Update Fixes Critical and Exploited Flaws Read More »

Google Fix Chrome Bug Exploited in the Wild

News, Vulnerabilities / secureteampstg

A zero-day vulnerability in Google Chrome that has been exploited in the wild has been fixed through the most recent Stable Channel Update for Desktop. A security bulletin released by Google this week confirms that an exploit for this bug exists, however, detailed exploit and vulnerability information has still not been released by Google in

Google Fix Chrome Bug Exploited in the Wild Read More »

Zyxel Patch Critical Buffer Overflow Vulnerabilities

News, Vulnerabilities / secureteampstg

Zyxel firewall and VPN products have been found to contain two critical severity buffer overflow vulnerabilities that could be exploited by unauthenticated attackers. The affected products include ATP, USG FLEX, USG FLEX50(W) and USG20(W)-VPN, VPN, and ZyWall/USG. Zyxel have released a security advisory to inform users of these products about these vulnerabilities, and which patch

Zyxel Patch Critical Buffer Overflow Vulnerabilities Read More »

Critical Flaws in D-View Network Management Suite

News, Vulnerabilities / secureteampstg

D-View network management suite, developed by D-Link, has received a security update to patch two critical severity vulnerabilities. D-View can be used to control device configurations, monitor performance, and create network maps, as well as for other administrative network management tasks. These operations require access to devices and network components with high privileges so the

Critical Flaws in D-View Network Management Suite Read More »

News

Grafana Fix Azure AD Authentication Bypass Flaw

Critical Vulnerability Patched in Zyxel NAS Devices

ASUS Patch Critical Flaws from 2022 and 2018

Critical Flaws Exploited in MOVEit Transfer Data Theft

Critical RCE Fortinet Flaw May Have Been Exploited

High Severity Cisco Elevation of Privileges Flaw

Android Update Fixes Critical and Exploited Flaws

Google Fix Chrome Bug Exploited in the Wild

Zyxel Patch Critical Buffer Overflow Vulnerabilities

Critical Flaws in D-View Network Management Suite

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch