It is rare to see vulnerabilities with the maximum CVSS score of 10 out of 10, but SAP’s February security patch bundle fixes four of them along with details of a serious vulnerability named ICMAD. Three of the critical vulnerabilities in SAPs February Security Advisory are fixing Log4j related issues. The fourth critical vulnerability (CVE-2022-22536) […]
SAP releases critical code patches Read More »
The second Tuesday of February brings the monthly security updates from Microsoft. Microsoft Security Updates – February 2022 February is a relatively modest month for Microsoft with just 51 security patches released. Even though none of this month’s vulnerabilities are rated as Critical, there is a trio of remote code execution vulnerabilities. Historically February is
February Security Updates Read More »
A new phishing campaign is using CSV files to deliver malware to unsuspecting users who mistakenly think that plain text CSV files are safe to open in Excel. Comma Separated Variable (CSV) files are produced by many applications as a kind of universally compatible report format as they consist of simple text files which contain
How malicious CSV files can deliver malware Read More »
A serious remote code execution vulnerability has been discovered in the Samba file sharing software. This bug allows an unauthenticated attacker to execute arbitrary code as root on an affected server. With a CVSS score of 9.9, this vulnerability affects Samba’s default configurations. Samba is a popular freeware utility that supports the SMB (Server Message
Samba RCE vulnerability Read More »
Apple has released iOS 15.3 and Monterey 12.2 which resolve a bundle of security vulnerabilities including a pair of Zero-day exploits iOS patches iOS 15.3 and iPadOS 15.3 (released on 26th January 2022) contain fixes for a total of 10 security vulnerabilities including CVE-2022-22587. Apple advises that they are ‘aware of a report that this issue
Apple patches Zero day iPhone and Mac exploits Read More »
A 12 year old bug has been discovered in the Linux pkexec utility which allows any unprivileged user to gain full root privileges on a vulnerable host. The new report from security researchers at Qualys explains how the vulnerability can be exploited. In summary the vulnerability, dubbed PwnKit, allows any unprivileged user to gain full
PwnKit Vulnerability affects every major Linux distro Read More »
Millions of routers are affected by a high severity flaw in the NetUSB module which is used by many vendors including NETGEAR, TP-Link, and Dlink. NetUSB is developed by Kcodes and is licensed to many device manufacturers. It enables remote network devices to connect to USB peripherals which are plugged into the router – typically
NetUSB RCE Flaw in Millions of End User Routers Read More »
The New Year gets off to a busy start for Microsoft with the first security patch updates resolving over 100 vulnerabilities including six zero-days and one critical flaw identified as wormable. A wormable vulnerability can be exploited with no human intervention allowing malware to move from one computer to another across your network. This flaw
Microsoft January Patch Tuesday Read More »
Proof of Concept code has been published showing how to exploit two vulnerabilities that would allow an attacker to obtain domain admin privilege on your Windows Domain Controllers. In the November security patch bundle, Microsoft released patches to resolve two vulnerabilities ( CVE-2021-42287 and CVE-2021-42278 ) in the Windows Active Directory Domain Services. On December 12th a proof
Install patches to protect Domain Controllers warns Microsoft Read More »
This week Microsoft released their last monthly security patch bundle for the year, fixing six zero-day vulnerabilities – and many other companies released security updates as well. Microsoft Updates for December This month Microsoft’s security bundle includes fixes for 67 vulnerabilities with six of them classified as zero-day – which means in Microsoft’s terms: that
December Patch Tuesday updates Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.