Vulnerabilities Archives

VPN insecurity woes continue for Pulse Secure and Cisco

Cisco and Pulse Secure have both issued security advisories warning of critical Remote Code Execution vulnerabilities that affect some of their VPN servers. Pulse Secure Pulse Secure has shipped a patch to resolve several Remote Code Execution vulnerabilities in its Connect Secure VPN appliances. The August release addresses these issues and the vendor ‘strongly advises’ […]

VPN insecurity woes continue for Pulse Secure and Cisco Read More »

SeriousSAM exposes Windows credentials

News, Vulnerabilities / secureteampstg

A flaw in all versions of Windows 10 and Server 2019 released since November 2018 leaves the Security Account Manager file which contains all the hashed credentials for the PC, open for any user to read. Microsoft has issued a security advisory to track their investigations, but no permanent solution has been released – although

SeriousSAM exposes Windows credentials Read More »

PetitPotam attack leaves Windows Domain Controllers Vulnerable

News, Vulnerabilities / secureteampstg

Microsoft has moved swiftly to publish mitigation advice for a new NTLM relay attack against Windows Domain controllers, dubbed PetitPotam. An NTLM relay attack can occur when an attacker inserts themselves between a valid client-server authentication request in a Windows Domain or tricks one system into trying to authenticate itself and so providing a copy

PetitPotam attack leaves Windows Domain Controllers Vulnerable Read More »

The PrintNightmare continues

News, Vulnerabilities / secureteampstg

Since the start of June there has been a confusing number of security vulnerabilities reported in the Windows Print Spooler. Let me explain what is going on. CVE-2021-1675 This is the vulnerability that caused some initial confusion – a Remote Code Execution vulnerability in the Windows Print Spooler. This is not the vulnerability known as

The PrintNightmare continues Read More »

16 year old printer bug exposes millions of systems

News, Vulnerabilities / secureteampstg

SentinelLabs has discovered a severe escalation of privilege vulnerability in a printer driver used by HP, Samsung and Xerox devices since 2005 – affecting over 390 printer models and millions of computers. The vulnerable driver gets installed on Windows systems without any user intervention, simply by plugging in a printer with a USB cable or

16 year old printer bug exposes millions of systems Read More »

Microsoft’s July Patches fix 13 critical flaws

News, Vulnerabilities / secureteampstg

July is another bumper month for Microsoft as they ship fixes for 117 security vulnerabilities, 13 of them rated as critical and at least 4 are currently under active attack by cyber criminals. The actively exploited vulnerabilities patched this month are: CVE-2021-34527 – Windows Print Spooler RCE Vulnerability – aka PrintNightmare It’s third time lucky

Microsoft’s July Patches fix 13 critical flaws Read More »

Microsoft releases emergency patch for PrintNightmare

News, Vulnerabilities / secureteampstg

Microsoft has released an emergency patch that addresses the remote code execution vulnerability in the Windows Print Spooler, known as the PrintNightmare. According to Microsoft in their security advisory: A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run

Microsoft releases emergency patch for PrintNightmare Read More »

Netgear broadband router vulnerable to remote compromise

News, Vulnerabilities / secureteampstg

A new report from Microsoft’s security research team details how the Netgear DGN-2200 broadband router can be compromised remotely, allowing attackers access to the internal network. Microsoft’s 365 Defender Research Team has published a detailed report that explains the flaws they discovered in the firmware of the Netgear DGN-2200v1 ADSL router, that enables a remote

Netgear broadband router vulnerable to remote compromise Read More »

Critical PrintNightmare vulnerability exposes Domain controllers

News, Vulnerabilities / secureteampstg

Code demonstrating how to exploit an 0day vulnerability in the Windows Print Spooler was accidentally published on GitHub this week. This remote code execution vulnerability can be exploited to take control of a fully patched Windows Domain Controller. In the June 2021 Patch bundle, Microsoft delivered a fix for CVE-2021-1675, an elevation of privilege and

Critical PrintNightmare vulnerability exposes Domain controllers Read More »

iOS WiFi crashes with malicious hotspot name

News, Vulnerabilities / secureteampstg

iPhone users should beware after a bug is disclosed that can disable the WiFi system simply by connecting to a hotspot with a specially crafted name. The bug in iOS results from a poorly sanitised input string (Improper Input Validation) and in this case it was a failure to remove escape sequences from the input.

iOS WiFi crashes with malicious hotspot name Read More »

Vulnerabilities

VPN insecurity woes continue for Pulse Secure and Cisco

SeriousSAM exposes Windows credentials

PetitPotam attack leaves Windows Domain Controllers Vulnerable

The PrintNightmare continues

16 year old printer bug exposes millions of systems

Microsoft’s July Patches fix 13 critical flaws

Microsoft releases emergency patch for PrintNightmare

Netgear broadband router vulnerable to remote compromise

Critical PrintNightmare vulnerability exposes Domain controllers

iOS WiFi crashes with malicious hotspot name

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch