HP has issued an alert warning of vulnerabilities in its HP Device Manager software which could allow an attacker to gain complete control over the server. With a CVSS score of 9.9 this vulnerability deserves prompt attention from Sys Admins responsible for HP servers. The HP alert describes three different vulnerabilities that together mean the […]
HP warns of Device Manager vulnerabilities Read More »
A critical vulnerability in Microsoft Netlogon was patched in the August patch cycle – but was so dangerous that details were not made public until September when (hopefully) many systems would have been patched. If you have not applied the August patch bundle to your domain controllers stop reading and go do it now. Really
Critical Domain Controller Flaw Requires Urgent Patching Read More »
The September 2020 patch Tuesday contain fixes for 23 Critical vulnerabilities in Microsoft products and 129 fixes in total – including a Microsoft Exchange vulnerability that can allow remote code execution simply by sending a specially crafted email to the server. A large patch bundle is a double edged sword – it’s reassuring that the
September patch Tuesday fixes 23 Critical Microsoft Vulnerabilities Read More »
A new vector for pass-the-hash attacks has been discovered targeting Windows 10 personalisation themes. A security researcher has published details of a potential issue with the design of Windows 10 themes that can be exploited to harvest Windows and Microsoft Account login credentials. A Windows 10 theme is a collection of customisation settings for Windows
Pass-the-hash attack discovered in Windows Themes Read More »
Achilles is the name of a set of 400 security vulnerabilities found in the Qualcomm chips that power a billion Android devices – many of which may never get fixed. Discovered by researchers at CheckPoint, the vulnerabilities all relate the DSP chip which is part of the Snapdragon processor that powers the phones and tablets.
What is the Achilles vulnerability? Read More »
Microsoft’s August patch-Tuesday bundle fixes 120 vulnerabilities including two under active exploitation- one of them over two years old. Weighing in at 120 fixes, the August 2020 Patch Tuesday is the third largest ever released by Microsoft. Of particular interest are 17 critical updates and two zero-day exploits which are being actively attacked. IE 11
Microsoft Patches two zero-day Exploits Read More »
TeamViewer Gmbh have released a patch for their Windows Desktop client to fix a credential leaking vulnerability which could allow a malicious webpage to obtain the hashed NTLM credentials of the active Windows user account. A simple flaw (CVE-2020-13699) in the way the TeamViewer desktop client handles custom URI handlers means a malicious webpage can
TeamViewer fixes credential theft vulnerability Read More »
The UK National Cyber Security Centre and CISA in the USA have issued a joint alert detailing the risk posed by the Qsnatch/Derek malware which attacks QNAP NAS devices. The National Cyber Security Centre states in the alert: All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security
Derek attacks QNAP NAS Devices Read More »
Boothole is a pervasive vulnerability that affects the GRUB2 boot loader that is used by most versions of Linux. By exploiting this vulnerability, attackers can run arbitrary code on almost any PC or Server and install RootKits or similar Malware that will persist reboots and be very difficult to detect. BootHole was first reported by
Boothole vulnerability explained Read More »
Dell has patched a path-traversal vulnerability in the remote management web interface for its latest PowerEdge servers The iDRAC controller is a Linux computer within the PowerEdge server which is used to remotely manage the host server – even when the host itself is powered down. According to Dell’s security advisory: Dell EMC iDRAC9 versions
DELL patches iDRAC vulnerability Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.