A zero-day flaw in FortiOS has been found to be exploited in attacks against governmental and other large organisations, resulting in file corruption and data loss. This vulnerability was only considered medium severity, with a CVSS base score of 6.5, however it has been exploited to take down multiple FortiGate firewall devices in a complex […]
Critical and Exploited Vulnerabilities in FortiOS Read More »
LastPass suffered two large-scale and public data breaches last year, the first in August to steal source code, and the second in November where partially encrypted password vault data and customer information was stolen. Information from the first breach was used to carry out the second attack, and a keylogger was installed on a senior
LastPass Hack Due to Unpatched Software Read More »
Two critical severity vulnerabilities are being actively exploited by attackers in a WordPress plugin theme called Houzez. This theme is a premium plugin often used to create websites for organisations in the real estate industry. Houzez is a theme produced by the vendor ThemeForest, who fixed the first of these vulnerabilities in August 2022, and
Exploited Critical Flaws in WordPress Theme Plugin Read More »
Threat actors are using the name and image associated with ChatGPT to distribute malware through phishing sites, social media pages, and malicious Android applications. ChatGPT is a well-known AI chatbot run by OpenAI and has reported more than 100 million users in January 2023, only 3 months after its initial launch. The high volume of
Fake ChatGPT Installs Windows and Android Malware Read More »
Fortinet has released two security updates to patch two critical severity vulnerabilities across their FortiNAC and FortiWeb products. Fortinet are a cybersecurity company that offer a range of products and solutions to improve the security of their customers. FortiNAC is a zero-trust Network Access Control solution used by organisations to enforce security policies, detect and
FortiNAC and FortiWeb Code Execution Flaws Patched Read More »
Cyber criminals are abusing the Google Ads system to spread malware in what is known as ‘malvertising’ attacks. As the Google Ads display first before the search results, victims can be conned into clicking onto a fake site when searching for software via Google’s search engine. The malicious websites are designed to impersonate legitimate websites,
Google Ads Spread Detection Evading Malware Read More »
QNAP have released a security advisory this week to warn users of a critical severity vulnerability affecting operating system versions QTS 5.0.1 and QuTS hero h5.0.1. Firmware updates for the affected systems have been released, which can be downloaded for supported NAS models to patch this flaw. Users of affected systems should update their devices
Critical Code Injection Flaw on QNAP NAS Devices Read More »
Multiple vulnerabilities have been patched in a new update for VMware vRealize Log Insight last week, some of which can be chained into an attack that results in remote code execution on unpatched systems. VMware vRealize Log Insight is an administrative tool for log analysis and infrastructure management also known as VMware Aria Operations for
VMware Patch Remote Code Execution Vulnerabilities Read More »
Two new vulnerabilities have been disclosed on end-of-life Cisco RV Series small business routers. These vulnerabilities can be exploited individually or chained into an attack that allows for remote attackers to gain root access to the operating system where they can then execute arbitrary code. The affected devices are RV016 Multi-WAN VPN Routers, RV042 Dual
Critical Authentication Bypass in Cisco Routers Read More »
Proof of concept (PoC) code has been released for three critical vulnerabilities in WordPress plugins that allow for SQL injection into the website code. The affected plugins are Paid Memberships Pro, Easy Digital Downloads, and Survey Maker, all of which have now received security updates that patch the SQL injection flaws. A security researcher at
WordPress Plugins have SQL Injection Vulnerabilities Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.