Proof of concept (PoC) code has been released for three critical vulnerabilities in WordPress plugins that allow for SQL injection into the website code. The affected plugins are Paid Memberships Pro, Easy Digital Downloads, and Survey Maker, all of which have now received security updates that patch the SQL injection flaws. A security researcher at […]
WordPress Plugins have SQL Injection Vulnerabilities Read More »
A new version of the Chrome desktop app has been released to the Chrome Stable Channel available for all platforms. Chrome version 109.0.5414.74 on Linux, 109.0.5414.74/.75 on Windows, and 109.0.5414.87 on Mac contain new Chrome 109 features, as well as security patches for 17 vulnerabilities, two of which are high severity flaws. CVE-2023-0128 is a
Google Chrome Update Patches 17 Vulnerabilities Read More »
This week was the first Microsoft Patch Tuesday of 2023, where a total of 98 different vulnerabilities have been patched, including an actively exploited zero-day flaw. This update addresses twice the number of vulnerabilities as the December 2022 Patch Tuesday, which saw fixes for 49 vulnerabilities and 2 zero-day flaws. Eleven of the vulnerabilities patched
First Microsoft Patch Tuesday of 2023 Fixes Zero-Day Read More »
A remote code execution vulnerability has been identified in the open source JSON Web Token (JWT) library in versions 8.5.1 and earlier. This was identified by Unit42 researchers at Palo Alto Networks back in July, and has been finally patched by the Auth0 engineering team just before Christmas. Unit 42 have released a blog post
Auth0 Patch RCE Vulnerability in JSON Web Token Read More »
A high severity SQL injection vulnerability has been patched in recent updates for Zoho ManageEngine products Password Manager Pro, PAM360, and Access Manager Plus. The software provider released a security advisory for this vulnerability where they advised customers of all three affected products to upgrade to the latest versions immediately due to the severity of
High Severity Vulnerability in ManageEngine Products Read More »
A recently discovered vulnerability in Synology routers configured to run as VPN servers has been given a critical severity rating and the maximum CVSS score of 10/10. Synology is a global data management and security company specialising in network attached storage (NAS) and storage area network (SAN) devices. Synology Router Manager (SRM) is the operating
Critical Vulnerability in Synology Router VPN Servers Read More »
A zero-day vulnerability has been identified in the Cisco Discovery Protocol processing feature of Cisco IP Phone series 7800 and 8800 firmware. Although a security advisory has been released by Cisco that discloses this high severity flaw, they have not yet released an update to patch it. An update is due to be released in
Cisco IP Phone Zero-Day Vulnerability Disclosed Read More »
A security update for December has been released by Google for Android that addresses 4 critical severity vulnerabilities. An additional 16 critical flaws have been patched in a Pixel update that has been released for Google Pixel devices. These 16 additional vulnerabilities patched are elevation of privilege flaws found in Pixel firmware, and LDFW, TF-A,
Android Update Patches Critical Vulnerabilities Read More »
Apple have released updates across their macOS platforms to address a vulnerability known as ‘Achilles’ that could allow malicious downloaded apps to bypass Gatekeeper security checks. A patch for this vulnerability was released in a security update last week, which can be found in macOS Ventura 13.1, macOS Monterey 12.6.2, and macOS Big Sur 11.7.2.
Apple MacOS Vulnerability Allows Gatekeeper Bypass Read More »
A critical zero-day vulnerability has been confirmed to be actively exploited by state-backed attackers to gain access to corporate networks. The National Security Agency (NSA), a branch of the US Government, have released a cybersecurity advisory to help organisations detect and mitigate attacks that exploit this vulnerability. Products affected by this flaw are Citrix ADC
Citrix Zero-Day Vulnerability Actively Exploited Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.