A five-year-old vulnerability is currently being exploited in Zyxel P660HN-T1A routers to introduce a Gafgyt malware variant onto target networks. An outbreak alert has been issued by Fortinet to inform users that this end-of-life router running versions before 7.3.15.0 v001/ 3.40 (ULM.0)b31 is being actively targeted in the wild. Zyxel published a security advisory back […]
Malware Attacks Target Zyxel End-Of-Life Routers Read More »
A Defense-In-Depth Office update has been released by Microsoft as a part of the Patch Tuesday updates made available this week to fix an actively exploited remote code execution (RCE) flaw. This vulnerability was first identified last month, when it was confirmed to be actively exploited and publicly disclosed. At the time of discovery, it
Actively Exploited Office RCE Attack Chain Patched Read More »
A critical severity flaw in PaperCut NG and PaperCut MF print management applications that can allow unauthenticated attackers to perform remote code execution (RCE) on vulnerable Windows servers. Any use of the affected PaperCut software prior to version 22.1.3 on Windows that is exposed to the internet is vulnerable to exploitation. For the best security,
PaperCut Flaw Allows RCE on Windows Servers Read More »
A zero-day cross-site scripting (XSS) flaw that has been exploited in the wild has now been patched for Zimbra Collaboration Suite in version 8.8.15 patch 41. Two other vulnerabilities have been patched in this update, which are a high severity flaw that can allow for denial of service (DoS) attacks, and another vulnerability that can
Zimbra Collaboration Suite Patch Zero-Day Flaw Read More »
Canon Inkjet printers have been found to retain sensitive Wi-Fi information after the usual wipe that is performed in the initialisation process. Canon have released a security advisory to warn their customers that information that can be used to connect to previously connected Wi-Fi is kept within the memory of the Wi-Fi connection settings, and
Canon Printers Retain Wi-Fi Information After Wipe Read More »
An actively exploited vulnerability has been patched in that latest updates for Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. This zero-day flaw affects all supported versions of this mobile device management software, as well as some older release versions before EPMM 11.8.1.0 that are no longer managed by the developers. Ivanti have
Ivanti Patch Actively Exploited EPMM Zero-Day Flaw Read More »
A peer-to-peer (P2P) worm known as P2PInfect has been discovered by security researchers at Unit42 to be actively targeting Windows and Linux based Redis servers. Redis is an open-source database application used in cloud environments. This Rust-based worm targets publicly communicating internet-exposed cloud-based servers by exploiting a flaw that is over a year old. There
Unpatched Redis Servers Targeted by P2P Malware Read More »
A critical severity Citrix ADC and Citrix Gateway remote code execution (RCE) flaw has been confirmed to be exploited in the wild. Now known as NetScaler ADC and NetScaler Gateway, both end of life and supported versions of these products are vulnerable to this flaw, and two other vulnerabilities, addressed in the latest security update
Citrix ADC and Gateway RCE Vulnerability Exploited Read More »
Adobe ColdFusion vulnerabilities are being actively exploited by attackers to bypass authentication and execute remote commands to create a webshell on the vulnerable endpoint. ColdFusion is an Adobe product for web developers providing cloud based coding environments to build apps. Researchers at Rapid7 discovered an improper access control vulnerability in Adobe ColdFusion 2018, 2021, and
Adobe ColdFusion Attack Chain Actively Exploited Read More »
Open-source social network Mastodon has needed to address one high severity and two critical severity vulnerabilities affecting their platform and servers, as well as one moderate severity flaw. Security advisories released by Mastodon explain that these vulnerabilities were discovered by auditors at Cure53 during a code review they were completing on behalf of Mozilla. The
Mastodon Patch High and Critical Vulnerabilities Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.