Open-source social network Mastodon has needed to address one high severity and two critical severity vulnerabilities affecting their platform and servers, as well as one moderate severity flaw. Security advisories released by Mastodon explain that these vulnerabilities were discovered by auditors at Cure53 during a code review they were completing on behalf of Mozilla. The […]
Mastodon Patch High and Critical Vulnerabilities Read More »
A critical zero-day vulnerability has been exploited in the WordPress plugin Ultimate Member that allows attackers to escalate their privileges and gain full control over the website. Ultimate Member is a WordPress plugin that enables users to sign-up, and for the WordPress website to handle memberships and profiles. It currently has over 200,000+ active installations,
Zero-Day Vulnerability Exploited in WordPress Plugin Read More »
Zyxel Network Attached Storage (NAS) devices have received a security update to patch a critical severity command injection vulnerability. Devices affected by this flaw include NAS326 models running firmware version V5.21(AAZF.13)C0 or prior, NAS540 models running firmware version V5.21(AATB.10)C0 or prior, and NAS542 models running firmware version V5.21(ABAG.10)C0 or prior. In their security advisory, Zyxel
Critical Vulnerability Patched in Zyxel NAS Devices Read More »
A critical remote code execution vulnerability has been patched in the latest Fortigate firmware updates for Fortinet FortiOS, FortiOS-6K7K, and FortiProxy SSL VPN devices. These updates were pushed out last week, however specific details about the critical vulnerability patched was not made available until Monday, when Fortinet published a security advisory detailing fixed versions, and
Critical RCE Fortinet Flaw May Have Been Exploited Read More »
A vulnerability in the WordPress plugin Advanced Custom Fields and Advanced Custom Fields Pro is being actively exploited by attackers after proof of concept (PoC) code for the exploit was released. The Advanced Customs Fields plugin has been installed on over 2M WordPress sites worldwide however only 31.5% of users have installed update version 6.1
WordPress Plugin Flaw has Public Exploit Code Read More »
A five-year-old authentication bypass vulnerability present in TBK DVR4104 and DVR4216 TBK Vision devices is being actively exploited in attacks. TBK DVR (digital video recording) devices are sold under other brand names including Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR. The wide range of rebrands
Critical 2018 Vulnerability Actively Exploited in TBK Read More »
The threat actor known as Vice Society, a ransomware gang known for their attacks against the education sector in the USA, has recently been found to use a custom Microsoft PowerShell (PS) script for exfiltrating data from their victims. This threat actor previously used PS scripts staged on a domain controller to perform a range
Vice Society Use Automated Data Exfiltration Read More »
HP Enterprise LaserJet and HP LaserJet Managed printers that use FutureSmart version 5.6 and have enabled IPsec could be vulnerable to a disclosed, unpatched, critical severity vulnerability that HP have warned will take 90 days to remediate. A security bulletin was released by HP this week to inform customers of this vulnerability which includes an
Critical Vulnerability in HP Enterprise Printers Read More »
A high severity vulnerability in WordPress plugin Elementor Pro has been found to be actively exploited. The plugin WooCommerce must also be running on the same site in order for this exploit to take place. The payment plugin WooCommerce was force-updated in March to patch a critical vulnerability that let unauthenticated attackers gain admin access
WordPress Elementor Pro Plugin Flaw Exploited Read More »
Adversary in the middle (AiTM) is a phishing attack technique in which a proxy server is deployed between the victim and the website they are attempting to access. This allows for the attacker to be placed ‘in the middle’ of the victim and the target website, allowing the attacker to intercept and steal the victim’s
Open-Source Phishing Kit Used in AiTM Attacks Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.