SecureTeam

Adobe ColdFusion Vulnerability Actively Exploited

A critical arbitrary code execution vulnerability is being actively exploited in unpatched Adobe ColdFusion versions 2018 and 2021. A security bulletin was released by Adobe to inform users of this actively exploited vulnerability, along with two other vulnerabilities patched in the same update, a critical severity deserialisation flaw and a memory leak path traversal vulnerability. […]

Adobe ColdFusion Vulnerability Actively Exploited Read More »

Two Zero-Day Vulnerabilities Fixed in Patch Tuesday

News, Vulnerabilities / Ian Reynolds

A total of 83 vulnerabilities have been addressed in this month’s patch Tuesday security updates from Microsoft, including two zero-day flaws, and nine vulnerabilities rated as critical severity. Four of these critical severity vulnerabilities specifically affecting Windows 11, and one affecting Microsoft Office, have been included in Microsoft Defender’s default new vulnerabilities notifications sent to

Two Zero-Day Vulnerabilities Fixed in Patch Tuesday Read More »

Critical and Exploited Vulnerabilities in FortiOS

News, Vulnerabilities / Ian Reynolds

A zero-day flaw in FortiOS has been found to be exploited in attacks against governmental and other large organisations, resulting in file corruption and data loss. This vulnerability was only considered medium severity, with a CVSS base score of 6.5, however it has been exploited to take down multiple FortiGate firewall devices in a complex

Critical and Exploited Vulnerabilities in FortiOS Read More »

Flaws in Windows 11 Security Hardware TPM 2.0

News, Vulnerabilities / Ian Reynolds

Two out-of-bounds buffer overflow vulnerabilities have been found in the TPM 2.0 system hardware used across all Windows 11 devices. A TPM (Trusted Platform Module) is a processor used for hardware-based cryptographic operations, to secure encryption keys, and protect the boot process by defending against malicious tampering. Microsoft made it a requirement for PCs to

Flaws in Windows 11 Security Hardware TPM 2.0 Read More »

Android Update Fixes Critical Vulnerabilities

News, Vulnerabilities / Ian Reynolds

A new security update has been released for Android devices, patching a total of 60 vulnerabilities across two security patch levels, including 4 critical severity flaws. The March Android Security Bulletin lists each vulnerability, it’s type, and the severity, however detailed information about each flaw has not yet been released to allow users to apply

Android Update Fixes Critical Vulnerabilities Read More »

Exploited Critical Flaws in WordPress Theme Plugin

News, Vulnerabilities / Ian Reynolds

Two critical severity vulnerabilities are being actively exploited by attackers in a WordPress plugin theme called Houzez. This theme is a premium plugin often used to create websites for organisations in the real estate industry. Houzez is a theme produced by the vendor ThemeForest, who fixed the first of these vulnerabilities in August 2022, and

Exploited Critical Flaws in WordPress Theme Plugin Read More »

Citrix Privilege and Access Control Vulnerabilities

News, Vulnerabilities / Ian Reynolds

Security vulnerabilities have been identified in Citrix Virtual Apps and Desktops, and Citrix Workspace app for Windows and Linux. A total of 4 vulnerabilities have been addressed in the latest updates for these Citrix products which if exploited would allow attackers to perform elevation of privileges and take control of the system. These flaws have

Citrix Privilege and Access Control Vulnerabilities Read More »

FortiNAC and FortiWeb Code Execution Flaws Patched

News, Vulnerabilities / Ian Reynolds

Fortinet has released two security updates to patch two critical severity vulnerabilities across their FortiNAC and FortiWeb products. Fortinet are a cybersecurity company that offer a range of products and solutions to improve the security of their customers. FortiNAC is a zero-trust Network Access Control solution used by organisations to enforce security policies, detect and

FortiNAC and FortiWeb Code Execution Flaws Patched Read More »

Unpatched VMware ESXi Server Ransomware Attack

News, Vulnerabilities / Ian Reynolds

Cyber criminals are actively targeting a two-year-old vulnerability in VMware ESXi servers in a large-scale ransomware attack campaign. This is not a zero-day flaw, and a patch has been available since it was identified in 2021, however some customers have not installed the latest security updates but are continuing to use the products in an

Unpatched VMware ESXi Server Ransomware Attack Read More »

Emergency Updates Released to Patch Apple Zero-Day

News, Vulnerabilities / Ian Reynolds

A zero-day vulnerability has been identified in some versions of iOS, iPadsOS, macOS, and Safari. Apple have confirmed they are aware of reports of this vulnerability being actively exploited in the wild. Emergency security updates have been released this week to patch this vulnerability as soon as possible across all affected devices. Apple publish all

Emergency Updates Released to Patch Apple Zero-Day Read More »

Vulnerabilities

Adobe ColdFusion Vulnerability Actively Exploited

Two Zero-Day Vulnerabilities Fixed in Patch Tuesday

Critical and Exploited Vulnerabilities in FortiOS

Flaws in Windows 11 Security Hardware TPM 2.0

Android Update Fixes Critical Vulnerabilities

Exploited Critical Flaws in WordPress Theme Plugin

Citrix Privilege and Access Control Vulnerabilities

FortiNAC and FortiWeb Code Execution Flaws Patched

Unpatched VMware ESXi Server Ransomware Attack

Emergency Updates Released to Patch Apple Zero-Day

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch