Two critical severity vulnerabilities are being actively exploited by attackers in a WordPress plugin theme called Houzez. This theme is a premium plugin often used to create websites for organisations in the real estate industry. Houzez is a theme produced by the vendor ThemeForest, who fixed the first of these vulnerabilities in August 2022, and […]
Exploited Critical Flaws in WordPress Theme Plugin Read More »
Security vulnerabilities have been identified in Citrix Virtual Apps and Desktops, and Citrix Workspace app for Windows and Linux. A total of 4 vulnerabilities have been addressed in the latest updates for these Citrix products which if exploited would allow attackers to perform elevation of privileges and take control of the system. These flaws have
Citrix Privilege and Access Control Vulnerabilities Read More »
Fortinet has released two security updates to patch two critical severity vulnerabilities across their FortiNAC and FortiWeb products. Fortinet are a cybersecurity company that offer a range of products and solutions to improve the security of their customers. FortiNAC is a zero-trust Network Access Control solution used by organisations to enforce security policies, detect and
FortiNAC and FortiWeb Code Execution Flaws Patched Read More »
Cyber criminals are actively targeting a two-year-old vulnerability in VMware ESXi servers in a large-scale ransomware attack campaign. This is not a zero-day flaw, and a patch has been available since it was identified in 2021, however some customers have not installed the latest security updates but are continuing to use the products in an
Unpatched VMware ESXi Server Ransomware Attack Read More »
A zero-day vulnerability has been identified in some versions of iOS, iPadsOS, macOS, and Safari. Apple have confirmed they are aware of reports of this vulnerability being actively exploited in the wild. Emergency security updates have been released this week to patch this vulnerability as soon as possible across all affected devices. Apple publish all
Emergency Updates Released to Patch Apple Zero-Day Read More »
A broken authentication vulnerability has been identified in Jira Service Management Server and Data Center versions after 5.3.0. Atlassian Support have published a security advisory to inform users of this vulnerability, which they have rated as critical severity, with a CVSS base score of 9.4. Versions of Jira Service Management Server and Data Center affected
Jira Service Management Authentication Vulnerability Read More »
QNAP have released a security advisory this week to warn users of a critical severity vulnerability affecting operating system versions QTS 5.0.1 and QuTS hero h5.0.1. Firmware updates for the affected systems have been released, which can be downloaded for supported NAS models to patch this flaw. Users of affected systems should update their devices
Critical Code Injection Flaw on QNAP NAS Devices Read More »
Multiple vulnerabilities have been patched in a new update for VMware vRealize Log Insight last week, some of which can be chained into an attack that results in remote code execution on unpatched systems. VMware vRealize Log Insight is an administrative tool for log analysis and infrastructure management also known as VMware Aria Operations for
VMware Patch Remote Code Execution Vulnerabilities Read More »
Apple have released security updates this week for a range of their software, including MacOS, watchOS, iOS, iPadOS, and Safari. Among these new releases is iOS 12.5.7, which contains backported security patches for older iPhone models to resolve a high severity zero-day vulnerability. This flaw was patched in more recent device models in December, however
Apple Backport Zero-Day Security Patches for iOS Read More »
Two new vulnerabilities have been disclosed on end-of-life Cisco RV Series small business routers. These vulnerabilities can be exploited individually or chained into an attack that allows for remote attackers to gain root access to the operating system where they can then execute arbitrary code. The affected devices are RV016 Multi-WAN VPN Routers, RV042 Dual
Critical Authentication Bypass in Cisco Routers Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.