The latest software updates released by Apple for macOS, iOS, iPadOS, Safari, tvOS, and watchOS contain patches for three zero-day vulnerabilities that are known to be actively exploited in attacks. These vulnerabilities exist within the WebKit browser engine used by Safari, and other macOS and iOS applications. Currently the CVE information about these vulnerabilities is […]
Actively Exploited Flaws Patched in Apple Devices Read More »
Attackers are targeting a pair of Windows bugs that can be exploited simply by sending a malicious email to the victim, allowing the attacker to steal the users Windows credentials. A vulnerability in the MSHTML / EdgeHTML component used in Microsoft products such as Internet Explorer (now retired), WebBrowser control, Microsoft Edge, and other legacy applications
Windows Security Feature Bypass Vulnerability Read More »
A vulnerability in the WordPress plugin Advanced Custom Fields and Advanced Custom Fields Pro is being actively exploited by attackers after proof of concept (PoC) code for the exploit was released. The Advanced Customs Fields plugin has been installed on over 2M WordPress sites worldwide however only 31.5% of users have installed update version 6.1
WordPress Plugin Flaw has Public Exploit Code Read More »
A vulnerability has been identified in NetFilter, a packet filtering and NAT (Network Address Translation) framework within the Linux kernel. This vulnerability can allow local users to escalate privileges to gain root level access, resulting in complete control over the vulnerable system. Multiple Linux kernel releases are affected by this flaw, including the most recent
Linux Kernel Vulnerability Allows Elevation to Root Read More »
An Android security bulletin has been released detailing the vulnerabilities patched in the May 2023 updates for patch levels 2023-05-01 and 2023-05-05. Included in this update is a fix for a high severity flaw first identified in January, found in the Linux Kernel of affected devices. This vulnerability is known to have been exploited as
Android Update Patches Exploited Kernel Flaw Read More »
A five-year-old authentication bypass vulnerability present in TBK DVR4104 and DVR4216 TBK Vision devices is being actively exploited in attacks. TBK DVR (digital video recording) devices are sold under other brand names including Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR. The wide range of rebrands
Critical 2018 Vulnerability Actively Exploited in TBK Read More »
Cisco Prime Collaboration Deployment software has been found to have a zero-day vulnerability that could allow for cross-site scripting attacks to take place. The Cisco Prime Collaboration Deployment application is a server management tool which can assist in the migration of older software version clusters to new virtual machines, as well as performing fresh installs,
Cisco Zero-Day Cross-Site Scripting Vulnerability Read More »
Another zero-day vulnerability has been identified in the Google Chrome desktop application, just days after the previous emergency update was released. Microsoft have determined this to be a publicly disclosed vulnerability with a verified exploit. The stable channel update for desktop version 112.0.5615.137 was released last week for Windows and Mac, with the Linux update
New Chromium OSS Zero-Day Actively Exploited Read More »
A security update has been released by VMware to patch two vulnerabilities in VMware Aria Operations for Logs products, which were previously called vRealize Log Insight. VMware vRealize Log Insight products had multiple remote code execution vulnerabilities that were addressed in January which could be exploited together in an attack chain. This new update addresses
Critical Vulnerabilities Patched by VMware Read More »
Unpatched Cisco IOS routers are being targeted by Russian state-backed threat actor APT28 to deploy ‘Jaguar Tooth’ malware by exploiting a vulnerability from 2017. The National Cyber Security Centre (NCSC) have published a malware analysis report investigating this non-persistent malware recently seen to be infecting Cisco IOS routers using firmware C5350-IS-M version 12.3(6). A joint
NCSC Warn of Jaguar Tooth Malware on Cisco Routers Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.