A Zoho ManageEngine vulnerability has been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerabilities catalog last week. This remote code execution (RCE) vulnerability affects Password Manager Pro versions 12100 and below, Access Manager Plus versions 4302 and below, and PAM360 versions 5500 and below. Proof of concept (POC) code for an […]
RCE Vulnerability in Password Manager Pro Read More »
A new information stealing malware is being distributed as malware-as-a-service (MaaS) by threat actors under the guise of fake cheats for popular video games. The malware known as Erbium is designed to harvest the credentials from the victims, stealing passwords and other login information for a range of accounts, including cryptocurrency wallets. Threat researchers CYFIRMA
Erbium Stealer Malware Sold As A Service Read More »
Adobe Commerce and Magento Open Source have been targeted in a recent wave of attacks that exploit a critical vulnerability. Threat researchers at Sansec released a report this week that details the methodology of this remote access trojan attack. The vulnerability exploited in these attacks, CVE-2022-24086, was found to be actively exploited as early as
Adobe Magento Vulnerability Exploited in Attacks Read More »
The credentials of an Uber contractor were stolen and used to access multiple accounts and company files in a targeted attack. Uber released an initial security update statement that they were dealing with a cybersecurity incident when this breach was first identified and have since updated this post to give details about the attack and
Uber Breached in Targeted Attack Read More »
The latest Patch Tuesday from Microsoft included security updates released to patch a total of 63 vulnerabilities. This includes 5 vulnerabilities that have been given a ‘critical’ severity rating, due to the possibility of an exploit of these flaws resulting in remote code execution (RCE) on the target device. Two of these are zero-day flaws,
Microsoft Patch Critical and Zero-Day Flaws Read More »
A number of vulnerabilities have been exploited in Microsoft Teams by attackers through the use of GIFs. The attack technique has been named ‘GIFShell’, and allows the attackers to send malicious files, execute commands, and exfiltrate data from their victims. Affected versions of Microsoft Teams include version 1.5.00.11163 and earlier, where the exploited insecure design
Microsoft Teams Reverse Shell Attack Using GIFs Read More »
Four vulnerabilities in D-Link routers have been added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities Catalog this week. Also included in this week’s catalogue updates were now-patched zero-day vulnerabilities in Google Chrome, and Photo Station QNAP software. Three of the D-Link vulnerabilities identified as exploited by their addition to this list
Actively Exploited Vulnerabilities in D-Link Devices Read More »
A security vulnerability has been identified in HP’s in-built software HP Support Assistant, that is present on all HP and Omen laptops and desktop computers. HP Support Assistant is pre-installed on all HP and Omen devices, so all users of these devices could be at risk. A security bulletin has been released this week by
HP Patch Escalation of Privilege Flaw Read More »
A critical vulnerability has been identified in multiple versions of Atlassian’s Bitbucket Server and Bitbucket Data Center. A recent advisory released by Bitbucket Support explains that all versions after 6.10.17, including 7.0.0 and later, have been affected by this flaw. However, this vulnerability is not present in Atlassian Cloud sites, so users who access Bitbucket
Critical Atlassian Bitbucket Vulnerability Read More »
GitLab have published a critical security release this week to notify their users about an update that contains important security fixes. Versions 15.3.1, 15.2.3, and 15.1.5 were released for GitLab Community Edition (CE) and Enterprise Edition (EE), in order to patch a remote code execution (RCE) vulnerability. GitLab is used as a DevOps platform for
GitLab Patch Critical Remote Code Execution Flaw Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.