A critical severity Citrix ADC and Citrix Gateway remote code execution (RCE) flaw has been confirmed to be exploited in the wild. Now known as NetScaler ADC and NetScaler Gateway, both end of life and supported versions of these products are vulnerable to this flaw, and two other vulnerabilities, addressed in the latest security update […]
Citrix ADC and Gateway RCE Vulnerability Exploited Read More »
Adobe ColdFusion vulnerabilities are being actively exploited by attackers to bypass authentication and execute remote commands to create a webshell on the vulnerable endpoint. ColdFusion is an Adobe product for web developers providing cloud based coding environments to build apps. Researchers at Rapid7 discovered an improper access control vulnerability in Adobe ColdFusion 2018, 2021, and
Adobe ColdFusion Attack Chain Actively Exploited Read More »
Open-source social network Mastodon has needed to address one high severity and two critical severity vulnerabilities affecting their platform and servers, as well as one moderate severity flaw. Security advisories released by Mastodon explain that these vulnerabilities were discovered by auditors at Cure53 during a code review they were completing on behalf of Mozilla. The
Mastodon Patch High and Critical Vulnerabilities Read More »
The new Android security update for this month has fixed a total of 46 vulnerabilities, three of which are thought to be actively exploited in what Android describe as “limited, targeted” attacks. Two security patch levels have been released, 2023-07-01, which addresses all issues within this security patch level for the system and framework as
Android July Update Patches Actively Exploited Flaws Read More »
A critical zero-day vulnerability has been exploited in the WordPress plugin Ultimate Member that allows attackers to escalate their privileges and gain full control over the website. Ultimate Member is a WordPress plugin that enables users to sign-up, and for the WordPress website to handle memberships and profiles. It currently has over 200,000+ active installations,
Zero-Day Vulnerability Exploited in WordPress Plugin Read More »
A critical vulnerability has been discovered in ArcServe Unified Data Protection (UDP) versions 7.0 to 9.0 that can be exploited to bypass authentication on the system. ArcServe UDP is data protection software used for ransomware protection through attack neutralisation, data restoration, and disaster recovery. This authentication bypass vulnerability could result in attackers obtaining admin privileges,
Exploit for Critical Auth Bypass Flaw in ArcServe UDP Read More »
Three actively exploited vulnerabilities have recently been patched by Apple, two of which have been used to deploy Triangulation spyware onto iOS devices. Russian security firm Kaspersky published a report investigating the use of these vulnerabilities in what they have termed ‘Operation Triangulation’ which involves the implant of TriangleDB (Kaspersky’s term) on vulnerable iOS devices.
Apple Fix Exploited Flaws Used to Deploy Spyware Read More »
Open-source data analytics and visualisations organisation Grafana have released a new security update for their app that patches a critical severity authorisation bypass flaw. This vulnerability affects Grafana accounts that use Azure Active Directory (AD) for account authentication. The new releases include Grafana versions 10.0.1, 9.5.5, 9.4.13, 9.3.16, 9.2.20, and 8.5.27. Other security fixes are
Grafana Fix Azure AD Authentication Bypass Flaw Read More »
Zyxel Network Attached Storage (NAS) devices have received a security update to patch a critical severity command injection vulnerability. Devices affected by this flaw include NAS326 models running firmware version V5.21(AAZF.13)C0 or prior, NAS540 models running firmware version V5.21(AATB.10)C0 or prior, and NAS542 models running firmware version V5.21(ABAG.10)C0 or prior. In their security advisory, Zyxel
Critical Vulnerability Patched in Zyxel NAS Devices Read More »
The new ASUS router firmware update contains security patches for nine vulnerabilities amongst other important security fixes. Six of these vulnerabilities are high severity flaws, while another two, from 2018 and 2022, are rated as critical, with CVSS base scores of 9.8. Four of the high severity flaws were also legacy fixes from 2022, while
ASUS Patch Critical Flaws from 2022 and 2018 Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.