HP has issued two security advisories describing remote code execution and denial of service vulnerabilities that affect hundreds of different HP network printers. Remote code execution and buffer overflow Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution […]
HP warns of printer vulnerabilities Read More »
When the LAPSUS$ ransomware group broke into the network of Nvidia, the data they stole included two code signing certificates which are now being used to sign malware to help it bypass security defences. In order to prove that an application or driver is genuine and really does come from the named developer, a digital
Stolen Nvidia certs uses to sign malware Read More »
Our monthly summary of recent important security patches includes updates from Microsoft and HP Microsoft Patch Tuesday March 2022 The March security updates from Microsoft address 71 security vulnerabilities, including several rated as critical or zero-day: Microsoft Exchange Server remote code execution vulnerability ( CVE-2022-23277) allowing an authenticated malicious user to run their code with admin
March Security Updates Read More »
Akamai has published details of a DDoS attack which generated more than 53 million packets per second by abusing misconfigured PBX VoIP gateways. Amplification DDoS attacks work by abusing systems which send large responses to small queries. Thus, an attacker can transmit a number of small requests which have the ‘reply-to’ address set to the
Phone systems abused to generate record breaking DDoS attacks Read More »
A Linux kernel vulnerability dubbed ‘Dirty Pipe’ allows an attacker to change any file on the system – including read only files such as the password file. The flaw affects Linux Kernel 5.8 and later – including Android devices as well as mainstream Linux server distros. Tracked as CVE-2022-0847, the flaw in the way memory
Linux Dirty Pipe kernel vulnerability Read More »
The US Cybersecurity and Infrastructure Security Agency (CISA) maintains a list of known vulnerabilities that are the most commonly exploited by threat actors. At the start of March the list was extended by another 95 bugs including several critical Cisco vulnerabilities. The known exploited vulnerabilities catlog is part of the CISA’s Shields-Up initiative that provides
These are the vulnerabilities being targeted today Read More »
Microsoft has announced several steps they are taking to improve the default security of Office document and Windows systems by protecting them against malicious macros and LOL-bins attacks. Microsoft Office to block macros for all Internet documents Microsoft is changing the default behaviour of Office applications that can contain VBA macros. Currently when a
Microsoft upgrades security of Office and Windows Read More »
Adobe has released a patch for a critical Remote Code Execution vulnerability that affects the Magento and Adobe Commerce eCommerce platforms. The CVSS 9.8 critical rated vulnerability (CVE-2022-24086) has, according to Adobe, been observed to be exploited in the wild and threat actors can use it to achieve arbitrary code execution on the target e-commerce
Critical Magento patch for Remote Code Exploit Read More »
It is rare to see vulnerabilities with the maximum CVSS score of 10 out of 10, but SAP’s February security patch bundle fixes four of them along with details of a serious vulnerability named ICMAD. Three of the critical vulnerabilities in SAPs February Security Advisory are fixing Log4j related issues. The fourth critical vulnerability (CVE-2022-22536)
SAP releases critical code patches Read More »
The second Tuesday of February brings the monthly security updates from Microsoft. Microsoft Security Updates – February 2022 February is a relatively modest month for Microsoft with just 51 security patches released. Even though none of this month’s vulnerabilities are rated as Critical, there is a trio of remote code execution vulnerabilities. Historically February is
February Security Updates Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.