Vulnerabilities Archives

Critical Atlassian Confluence Vulnerability Exploited

Atlassian are warning customers of a critical remote code execution vulnerability in their Confluence collaboration server which affects on-premises installations of Confluence Server and Data Center editions. Tracked as CVE-2022-26134, the flaw was identified by Volexity at the start of this month and it impacts Confluence Server 7.18.0 and Confluence Server and Data Center 7.4.0. […]

Critical Atlassian Confluence Vulnerability Exploited Read More »

New Shellcode Malware SVCReady in Microsoft Office

News, Vulnerabilities / secureteampstg

New malware known as SVCReady uses shellcode in the properties of Microsoft Office documents to infect its target. This is yet another new form of attack that affects Microsoft Office, disguising malicious code in a seemingly safe Office document format. The SVCReady family of malware has been reported by the HP threat research blog as

New Shellcode Malware SVCReady in Microsoft Office Read More »

Android Patches 5 Critical Vulnerabilities

News, Vulnerabilities / secureteampstg

An update for devices running Android versions 10, 11 and 12 has been released as two security patch levels: 2022-06-01 and 2022-06-05. Across these updates over 40 vulnerabilities have been identified and patched, 5 of which have been given a severity rating of ‘Critical’ by the Android security team. This separation into two security patch

Android Patches 5 Critical Vulnerabilities Read More »

Microsoft Office Zero-Day attack identified

News, Uncategorized, Vulnerabilities / secureteampstg

A new vulnerability has been discovered that can allow a malicious document to run arbitrary code on a Windows computer. Although the obvious attack vector is MS Office documents, Microsoft is describing this as a Windows Operating System vulnerability according to CVE-2022-30190. A Word Document was found to be able to abuse the Microsoft Windows

Microsoft Office Zero-Day attack identified Read More »

Microsoft warns of Kerberos Relay attacks

News, Vulnerabilities / secureteampstg

Microsoft has issued several updates to help Systems Admins protect their networks against Kerberos Relay attacks. Microsoft have said no security patch will be provided to mitigate this attack vector, so config changes must be made to default Windows Domain Controller on premise installations. Microsoft explains the vulnerability in a recent blog post: Detecting and

Microsoft warns of Kerberos Relay attacks Read More »

Google Chrome security update

News, Vulnerabilities / secureteampstg

Google has issued a new version of the Chrome browser to resolve a number of serious security issues. Several vulnerabilities have been discovered and fixed in the latest release of Google Chrome, including one rated as Critical which could allow arbitrary code execution on the victim’s system. CVE-2022-1853 is a use after free vulnerability in

Google Chrome security update Read More »

Apple patches zero-day vulnerability

News, Vulnerabilities / secureteampstg

Apple have released eight security updates this week for a range of devices. Four of these updates include fixes for a zero-day vulnerability in AppleAVD. This vulnerability is said to have been actively exploited before this update was released, and affected Apple Watch, Apple TV, Macs, iPhones and iPads. Identified as CVE-2022-22675 by an anonymous

Apple patches zero-day vulnerability Read More »

Microsoft patches critical zero-day

News, Vulnerabilities / secureteampstg

Critical remote code execution and elevation of privilege vulnerabilities were among the 75 total vulnerabilities that have been fixed in Microsoft’s May Patch Tuesday this week. These essential patches include fixes for currently exploited zero-day vulnerabilities, one of which is a novel NTLM relay attack, identified as CVE-2022-26925, which affects all versions of Windows. This

Microsoft patches critical zero-day Read More »

F5 warns of critical BIG-IP vulnerability

News, Vulnerabilities / secureteampstg

Network security vendor F5 has revealed a critical CVSS 9.8 vulnerability that affects all version of their BIG-IP range from version 11.x through to 16.x The vulnerability which was discovered by F5’s own testing, could allow an unauthenticated attacker with network access to the BIG-IP system through the management port (or self-ip address) to execute

F5 warns of critical BIG-IP vulnerability Read More »

Nimbuspwn vulnerability hits Linux

News, Vulnerabilities / secureteampstg

Researchers at Microsoft have documented a family of vulnerabilities that affect Linux systems, dubbed Nimbuspwn. These vulnerabilities can be chained together in order to gain root privileges on Linux systems allowing attackers to install malware and access all data on the server. The vulnerabilities in the networkd-dispatcher are tracked as CVE-2022-29799 and CVE-2022-29800. Networkd-dispatcher runs as root and

Nimbuspwn vulnerability hits Linux Read More »

Vulnerabilities

Critical Atlassian Confluence Vulnerability Exploited

New Shellcode Malware SVCReady in Microsoft Office

Android Patches 5 Critical Vulnerabilities

Microsoft Office Zero-Day attack identified

Microsoft warns of Kerberos Relay attacks

Google Chrome security update

Apple patches zero-day vulnerability

Microsoft patches critical zero-day

F5 warns of critical BIG-IP vulnerability

Nimbuspwn vulnerability hits Linux

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch