SecureTeam

Critical Flaws in D-View Network Management Suite

D-View network management suite, developed by D-Link, has received a security update to patch two critical severity vulnerabilities. D-View can be used to control device configurations, monitor performance, and create network maps, as well as for other administrative network management tasks. These operations require access to devices and network components with high privileges so the […]

Critical Flaws in D-View Network Management Suite Read More »

Maximum Severity Flaw Patched in GitLab

News, Vulnerabilities / Ian Reynolds

A vulnerability affecting GitLab Community and Enterprise Editions, has been assigned the highest possible CVSS score of 10.0. GitLab is a web-based Git repository used for remote code management by developers and their teams, with approximately 30 million registered users. GitLab have released an emergency security update to address this critical flaw which they advise

Maximum Severity Flaw Patched in GitLab Read More »

Actively Exploited Flaws Patched in Apple Devices

News, Vulnerabilities / Ian Reynolds

The latest software updates released by Apple for macOS, iOS, iPadOS, Safari, tvOS, and watchOS contain patches for three zero-day vulnerabilities that are known to be actively exploited in attacks. These vulnerabilities exist within the WebKit browser engine used by Safari, and other macOS and iOS applications. Currently the CVE information about these vulnerabilities is

Actively Exploited Flaws Patched in Apple Devices Read More »

Windows Security Feature Bypass Vulnerability

News, Vulnerabilities / Ian Reynolds

Attackers are targeting a pair of Windows bugs that can be exploited simply by sending a malicious email to the victim, allowing the attacker to steal the users Windows credentials. A vulnerability in the MSHTML / EdgeHTML component used in Microsoft products such as Internet Explorer (now retired), WebBrowser control, Microsoft Edge, and other legacy applications

Windows Security Feature Bypass Vulnerability Read More »

WordPress Plugin Flaw has Public Exploit Code

News, Vulnerabilities / Ian Reynolds

A vulnerability in the WordPress plugin Advanced Custom Fields and Advanced Custom Fields Pro is being actively exploited by attackers after proof of concept (PoC) code for the exploit was released. The Advanced Customs Fields plugin has been installed on over 2M WordPress sites worldwide however only 31.5% of users have installed update version 6.1

WordPress Plugin Flaw has Public Exploit Code Read More »

Linux Kernel Vulnerability Allows Elevation to Root

News, Vulnerabilities / Ian Reynolds

A vulnerability has been identified in NetFilter, a packet filtering and NAT (Network Address Translation) framework within the Linux kernel. This vulnerability can allow local users to escalate privileges to gain root level access, resulting in complete control over the vulnerable system. Multiple Linux kernel releases are affected by this flaw, including the most recent

Linux Kernel Vulnerability Allows Elevation to Root Read More »

Android Update Patches Exploited Kernel Flaw

News, Vulnerabilities / Ian Reynolds

An Android security bulletin has been released detailing the vulnerabilities patched in the May 2023 updates for patch levels 2023-05-01 and 2023-05-05. Included in this update is a fix for a high severity flaw first identified in January, found in the Linux Kernel of affected devices. This vulnerability is known to have been exploited as

Android Update Patches Exploited Kernel Flaw Read More »

Critical 2018 Vulnerability Actively Exploited in TBK

News, Vulnerabilities / Ian Reynolds

A five-year-old authentication bypass vulnerability present in TBK DVR4104 and DVR4216 TBK Vision devices is being actively exploited in attacks. TBK DVR (digital video recording) devices are sold under other brand names including Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR. The wide range of rebrands

Critical 2018 Vulnerability Actively Exploited in TBK Read More »

Cisco Zero-Day Cross-Site Scripting Vulnerability

News, Vulnerabilities / Ian Reynolds

Cisco Prime Collaboration Deployment software has been found to have a zero-day vulnerability that could allow for cross-site scripting attacks to take place. The Cisco Prime Collaboration Deployment application is a server management tool which can assist in the migration of older software version clusters to new virtual machines, as well as performing fresh installs,

Cisco Zero-Day Cross-Site Scripting Vulnerability Read More »

New Chromium OSS Zero-Day Actively Exploited

News, Vulnerabilities / Ian Reynolds

Another zero-day vulnerability has been identified in the Google Chrome desktop application, just days after the previous emergency update was released. Microsoft have determined this to be a publicly disclosed vulnerability with a verified exploit. The stable channel update for desktop version 112.0.5615.137 was released last week for Windows and Mac, with the Linux update

New Chromium OSS Zero-Day Actively Exploited Read More »

Vulnerabilities

Critical Flaws in D-View Network Management Suite

Maximum Severity Flaw Patched in GitLab

Actively Exploited Flaws Patched in Apple Devices

Windows Security Feature Bypass Vulnerability

WordPress Plugin Flaw has Public Exploit Code

Linux Kernel Vulnerability Allows Elevation to Root

Android Update Patches Exploited Kernel Flaw

Critical 2018 Vulnerability Actively Exploited in TBK

Cisco Zero-Day Cross-Site Scripting Vulnerability

New Chromium OSS Zero-Day Actively Exploited

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch