Network security vendor F5 has revealed a critical CVSS 9.8 vulnerability that affects all version of their BIG-IP range from version 11.x through to 16.x The vulnerability which was discovered by F5’s own testing, could allow an unauthenticated attacker with network access to the BIG-IP system through the management port (or self-ip address) to execute […]
F5 warns of critical BIG-IP vulnerability Read More »
New research from Mandiant shows the explosive growth in zero-day exploits, with more zero-days exploited in attacks in 2021 than in the three previous years combined. The generally accepted definition of a zero-day is: a security vulnerability that is exploited in the wild before a patch was made publicly available. (Microsoft has a slightly different
Zero-days are on the rise Read More »
Oracle has issued patches for a serious flaw in Java versions 15 to 18 which allows malicious actors to trivially forge digital signatures and TLS certificates that Java then accepts as valid. The problem lies in the Elliptic Curve Digital Signature Algorithm (ECDSA) which was re-written for Java 15 and this introduced the flaw which
Oracle Patches Java signature bypass flaw Read More »
On 16:10 on Friday 8th April 2022 Russia attempted to repeat their 2016 cyberattack against the Ukrainian power grid – however this time they were foiled. Security firm ESET and the Ukraine Computer Emergency Response Team CERT-UA report how they foiled the attack from the Russian Sandworm APT group which attempted to deploy malware targeting
Russian hack of Ukraine power grid fails Read More »
Wyze has finally released fixes for vulnerabilities which could give attackers direct access to live video feeds and stored recordings in their smart cameras. Researchers at Bitdefender discovered the first of three vulnerabilities back in 2019 and then waited over a year and a half to report on the third as Wyze had not produced
Wyze Security Camera vulnerabilities Read More »
Google has released a patch for a zero day exploit in Google Chrome – the second zero day patched so far this year. Tracked as CVE-2022-1096, this High severity Type Confusion vulnerability was reported on 23rd March and a patch was released just 48 hours later. Google is aware that an exploit exists in the
Google Chrome Zero Day Patched Read More »
When the LAPSUS$ ransomware group broke into the network of Nvidia, the data they stole included two code signing certificates which are now being used to sign malware to help it bypass security defences. In order to prove that an application or driver is genuine and really does come from the named developer, a digital
Stolen Nvidia certs uses to sign malware Read More »
Our monthly summary of recent important security patches includes updates from Microsoft and HP Microsoft Patch Tuesday March 2022 The March security updates from Microsoft address 71 security vulnerabilities, including several rated as critical or zero-day: Microsoft Exchange Server remote code execution vulnerability ( CVE-2022-23277) allowing an authenticated malicious user to run their code with admin
March Security Updates Read More »
The US Cybersecurity and Infrastructure Security Agency (CISA) maintains a list of known vulnerabilities that are the most commonly exploited by threat actors. At the start of March the list was extended by another 95 bugs including several critical Cisco vulnerabilities. The known exploited vulnerabilities catlog is part of the CISA’s Shields-Up initiative that provides
These are the vulnerabilities being targeted today Read More »
The Russian attack on Ukraine is a new kind of war, being fought in cyber space as much as it is on the city streets of Ukraine. Microsoft reports that Ukrainian networks were targeted with FoxBlade malware several hours before the start of the invasion on the 24th February. Said Brad Smith, President & Vice
Malware spike linked to Ukraine invasion Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.