Apple has released MacOS 11.3 which patches a critical zero-day bug that allows malware to bypass the built in Gatekeeper and Notarization protections designed to protect users from malicious software. The bug is already under active attack from Shlayer malware and because it is trivial to replicate, you can expect to see a slew of […]
Apple patches critical zero-day in MacOS Read More »
An unauthorised change to a script used by Codecov customers to upload software test results has stolen the credentials and API tokens for thousands of organisation’s development environments. Codecov is a tool used to track what percentage of an application’s source code has been exercised during software testing. To do this, it is integrated into the
Compromise of Codecov dev tools affects thousands of customers Read More »
Security networking vendors SonicWall and Pulse Secure have both issued urgent alerts to customers regarding active zero-day attacks exploiting vulnerabilities in their products. SonicWall 3 zero-day vulnerabilities SonicWall has patched three zero-day vulnerabilities that affect their Email Security product. When chained together the vulnerabilities could allow an attacker to create a new administrator account on
SonicWall and Pulse Secure zero-day attacks Read More »
Facebook has been in the news this week over a data breach from 2019 when over half a billion user’s details were stolen from the company. What are the security implications for businesses today? In 2019 the Facebook website was scraped to steal the account information for over 500 million users – including combinations of
What are the implications of the Facebook data breach? Read More »
Microsoft has released an easy to install one-click mitigation tool for the critical Exchange security vulnerability known as ProxyLogon as the NCSC issues an urgent alert to UK firms. The Hafnium/Proxylogon attack against Microsoft Exchange servers worldwide is escalating. Security researchers at Checkpoint report a 10 fold increase in daily attacks against Exchange e-mail servers
Microsoft releases One-Click ProxyLogon workaround for Exchange Read More »
Programmable Logic Controllers manage industrial systems of all kinds, from oil rigs to vaccine production and one of the leading manufacturers of PLC is Rockwell Automation. A bad-as-it-gets (CVSS 10) vulnerability has been discovered that affects the Logix line of PLC devices. According to the alert issued by the US CERT: Successful exploitation of this
Rockwell Automation Critical Vulnerability in PLC Read More »
Microsoft has published details and out of cycle patches for several 0-day Exchange exploits under active attack. Microsoft Security Response Center advises: Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect against these exploits and to prevent future abuse across the ecosystem. The exploits have been linked to the
Exchange 0-day exploits need patching today Read More »
A hacker tried to poison the water supply in Oldsmar, Florida by dumping caustic soda into the water by adjusting the SCADA system in control of the water treatment plant. On Friday 5th February, an operator at the water plant noticed the mouse on his screen moving and accessing the control system software for the
Hackers attempt to Poison Water Supply Read More »
37,000 Plex Media servers exposed to the internet are being abused in DDOS attacks according to a new security report. Plex Media Server is a personal media library and streaming platform available on Windows, Mac and Linux platforms. One of the attractions of Plex is the ability to stream your local media library to remote
Plex Media Server abused in DDOS Attacks Read More »
The NAT Slipstreaming2.0 attack exploits the standard support for VOIP routing in NAT routers/firewalls to expose all devices on the internal network to attack from the internet. A new variant of the NAT Slipstreaming attack has been published which extends the attack to abuse the H.323 protocol used by VOIP devices to manage call forwarding.
What is the Nat Slipstreaming2.0 Attack? Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.