News Archives

NCSC Warn of Jaguar Tooth Malware on Cisco Routers

Unpatched Cisco IOS routers are being targeted by Russian state-backed threat actor APT28 to deploy ‘Jaguar Tooth’ malware by exploiting a vulnerability from 2017. The National Cyber Security Centre (NCSC) have published a malware analysis report investigating this non-persistent malware recently seen to be infecting Cisco IOS routers using firmware C5350-IS-M version 12.3(6). A joint […]

NCSC Warn of Jaguar Tooth Malware on Cisco Routers Read More »

Google Chrome Emergency Update Patches Zero-Day

News, Vulnerabilities / secureteampstg

An emergency security update has been released by Google for Chrome stable channel for desktop for Windows, Mac, and Linux. This is the first emergency update released so far in 2023 to patch an actively exploited zero-day vulnerability in Google Chrome’s desktop application. The updated version v112.0.5615.121 also includes other security fixes deemed necessary from

Google Chrome Emergency Update Patches Zero-Day Read More »

Microsoft Fixes Critical and Publicly Disclosed Flaws

News, Vulnerabilities / secureteampstg

A total of 97 vulnerabilities were resolved in April’s patch Tuesday updates from Microsoft this week, including 7 critical severity flaws, and an actively exploited zero-day flaw with a publicly disclosed exploit. Critical severity flaw CVE-2023-28250 has a CVSS base score of 9.8 and is found in the Windows pragmatic general multicast (PGM) protocol. This

Microsoft Fixes Critical and Publicly Disclosed Flaws Read More »

Apple Patch Zero-Day with Publicly Disclosed Exploit

News, Vulnerabilities / secureteampstg

Emergency security updates have been released by Apple for macOS, iOS, iPadOS, and Safari to patch two zero-day vulnerabilities, one of which has a publicly disclosed exploit. The other zero-day flaw addressed in these updates is also reported to be actively exploited in the wild. These emergency updates by Apple have been published less than

Apple Patch Zero-Day with Publicly Disclosed Exploit Read More »

Critical Vulnerability in HP Enterprise Printers

News, Vulnerabilities / secureteampstg

HP Enterprise LaserJet and HP LaserJet Managed printers that use FutureSmart version 5.6 and have enabled IPsec could be vulnerable to a disclosed, unpatched, critical severity vulnerability that HP have warned will take 90 days to remediate. A security bulletin was released by HP this week to inform customers of this vulnerability which includes an

Critical Vulnerability in HP Enterprise Printers Read More »

WordPress Elementor Pro Plugin Flaw Exploited

News, Vulnerabilities / secureteampstg

A high severity vulnerability in WordPress plugin Elementor Pro has been found to be actively exploited. The plugin WooCommerce must also be running on the same site in order for this exploit to take place. The payment plugin WooCommerce was force-updated in March to patch a critical vulnerability that let unauthenticated attackers gain admin access

WordPress Elementor Pro Plugin Flaw Exploited Read More »

Veeam Vulnerability Exploit Code Released

News, Vulnerabilities / secureteampstg

Proof of concept (PoC) code has been released for a cross-platform exploit that can be performed on unpatched Veeam Backup & Replication (VBR) software. Veeam are a data security organisation whose backup and recovery software is used as both on-premises and cloud-based data protection solutions. Security updates to patch the exploitable vulnerability were released earlier

Veeam Vulnerability Exploit Code Released Read More »

Apple Release Critical MacOS Vulnerability Updates

News, Vulnerabilities / secureteampstg

Security updates for macOS Ventura, macOS Monterey, and macOS Big Sur have been released to address the security vulnerabilities found in these systems. Four critical severity vulnerabilities are included in these updates, all with a CVSS base score of 9.8/10. Not a lot of information is currently available about these flaws, as Apple doesn’t disclose

Apple Release Critical MacOS Vulnerability Updates Read More »

Google Pixel Markup Flaw Restores Edited Images

News, Vulnerabilities / secureteampstg

A vulnerability in the Google Pixel Markup tool can be used to recover redacted and edited screenshots, leading to sensitive information disclosure. Security researchers Simon Aarons and David Buchanan who discovered the exploit for this vulnerability dubbed it the aCropalypse flaw which signifies the ability to restore cropped and edited images to their original state

Google Pixel Markup Flaw Restores Edited Images Read More »

Adobe ColdFusion Vulnerability Actively Exploited

News, Vulnerabilities / secureteampstg

A critical arbitrary code execution vulnerability is being actively exploited in unpatched Adobe ColdFusion versions 2018 and 2021. A security bulletin was released by Adobe to inform users of this actively exploited vulnerability, along with two other vulnerabilities patched in the same update, a critical severity deserialisation flaw and a memory leak path traversal vulnerability.

Adobe ColdFusion Vulnerability Actively Exploited Read More »

News

NCSC Warn of Jaguar Tooth Malware on Cisco Routers

Google Chrome Emergency Update Patches Zero-Day

Microsoft Fixes Critical and Publicly Disclosed Flaws

Apple Patch Zero-Day with Publicly Disclosed Exploit

Critical Vulnerability in HP Enterprise Printers

WordPress Elementor Pro Plugin Flaw Exploited

Veeam Vulnerability Exploit Code Released

Apple Release Critical MacOS Vulnerability Updates

Google Pixel Markup Flaw Restores Edited Images

Adobe ColdFusion Vulnerability Actively Exploited

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch