The New Year gets off to a busy start for Microsoft with the first security patch updates resolving over 100 vulnerabilities including six zero-days and one critical flaw identified as wormable. A wormable vulnerability can be exploited with no human intervention allowing malware to move from one computer to another across your network. This flaw […]
Microsoft January Patch Tuesday Read More »
Proof of Concept code has been published showing how to exploit two vulnerabilities that would allow an attacker to obtain domain admin privilege on your Windows Domain Controllers. In the November security patch bundle, Microsoft released patches to resolve two vulnerabilities ( CVE-2021-42287 and CVE-2021-42278 ) in the Windows Active Directory Domain Services. On December 12th a proof
Install patches to protect Domain Controllers warns Microsoft Read More »
This week Microsoft released their last monthly security patch bundle for the year, fixing six zero-day vulnerabilities – and many other companies released security updates as well. Microsoft Updates for December This month Microsoft’s security bundle includes fixes for 67 vulnerabilities with six of them classified as zero-day – which means in Microsoft’s terms: that
December Patch Tuesday updates Read More »
Mozilla has published a security advisory warning of a critical security vulnerability in the Network Security Services libraries which are widely used by open-source software. While the bug does not impact Mozilla Firefox, it is thought to affect many other email clients and PDF viewers that use the electronic signature verification features of the Network
Mozilla warns of digital signature vulnerability Read More »
This week there have been several exploits published that target recently published (and patched) vulnerabilities in Microsoft Exchange Server and Windows 10/11 systems. Coming just a week after Microsoft published patches for these vulnerabilities, already proof of concept code has been made available on GitHub and threat actors have started targeting the exploits hoping to
Attackers rapidly target Microsoft vulnerabilities Read More »
Blacksmith is a new kind of Rowhammer attack that has been proved to successfully bypass existing Rowhammer protections in modern DDR4 memory chips – allowing researchers to extract security secrets and change memory contents on victim computers. What is Rowhammer? Modern computer memory chips are physically very dense – with billions of memory cells (each
Blacksmith brings down the Rowhammer Read More »
Palo Alto Networks has released a critical patch for their firewalls with GlobalProtect Portal or Gateway interfaces. With a critical severity rating of 9.8, this memory corruption vulnerability could allow an attacker to execute remote code on the firewall with root privileges. According to the security advisory published by Palo Alto Networks: This issue is
Palo Alto Networks patches VPN/Firewalls Read More »
November’s security updates bring a bundle of important fixes for vulnerabilities in Windows and Android devices Microsoft Patch Tuesday Updates Microsoft’s security update this month fixes 55 security flaws with 6 of them called out as zero-day vulnerabilities. Microsoft classifies a zero-day as a vulnerability that is either under active attack in the wild or
November Security Updates Read More »
Trojan Source is a new kind of source code and supply chain attack that causes the source code reviewed by a human to be different from the actual software generated by the compiler – meaning the behaviour of the software will not match what the source code appears to say. In 2000, a phishing attack
What is a Trojan Source attack? Read More »
A javascript library downloaded millions of times each week was compromised in a supply chain attack which targeted the npm software registry. npm describes itself as the worlds largest software registry, and is used to host and share thousands of open source and private software projects. The javascript library in question is used by companies
Javascript supply chain attack hits millions of users Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.