Microsoft has released a patch to fix a remote code execution flaw in the SMB protocol affecting Windows 10 PC and their servers. SMB is used by Active Directory, for network file sharing and some printers. Microsoft have published a security advisory which details the scope of the flaw. The problem is the way the SMBv3 […]
Microsoft patches critical SMB flaw Read More »
Most Android devices receive security updates for only 2 years from release – yet can remain on sale for much longer than that. Which means it is possible to by a brand new Android phone today that is already too old to receive security updates. When considering which smartphones and tablets to deploy to staff,
Android security updates risk for a billion devices Read More »
Kr00k is a serious Wi-Fi vulnerability which can trick a device to retransmit the last 32k of encrypted traffic with an encryption key of all zeros. The flaw affects devices using Wi-Fi chips from Broadcom and Cypress including Apple devices, Amazon Echo and Google Nexus devices. The bug can be triggered when a device disconnects
Kr00k Wi-Fi vulnerability affects a billion devices Read More »
From September 2020 the security certificates used to enable HTTPS communications can only be valid for a maximum of 13 months, says Apple. Since the Apple Safari browser enjoys a 17% market share, this restriction will likely force the whole industry to adopt the same limit in certificate lifespan. The Certificate Authority Browser Forum (CAB
Maximum TLS Cert validity reducing to 13 months Read More »
Several critical switch vulnerabilities that could allow an attacker to break network segmentation have been patched by Cisco. Dubbed CDPwn by the researchers at Armis who discovered the flaws, the vulnerabilities exists in a Level 2 networking protocol called Cisco Discovery Protocol (CDP). Network segmentation is an effective security strategy that isolates data and systems
Cisco patches critical switch flaws Read More »
Ragnarok ransomware is leveraging unpatched Citrix ADC servers and Windows computers to attack its victims. Citrix have now released a patch for CVE-2019-19781 and made it available to all clients – regardless of the status of their support contract. However, unpatched Citrix systems are being actively targeted with Ragnarok according to security firm Fireye. CVE-2019-19781 is
Ragnarok ransomware exploits Citrix vulnerability Read More »
Cable Haunt is a vulnerability in millions of cable modems which allows an attacker to execute arbitrary code on the modem. This vulnerability is interesting for two reasons – firstly the scale due to the number of vulnerable devices and secondly how the vulnerability came about. Cable Haunt is a buffer overflow defect in the
What is Cable Haunt? Read More »
A remote code execution vulnerability has been discovered in SQLite, dubbed Magellan 2.0 by the research team that discovered it. Tencent’s Blade security research team has published some details of a remote code execution vulnerability that affects all version of SQLite prior to the latest patch issued on 13 December 2019. SQLite is a widely used
SQLite remote code execution vulnerability Read More »
When Positive Technologies reported a serious flaw in a core element of the Citrix architecture just before Christmas, they predicted up to 80,000 businesses could be at risk. If that vulnerability is exploited, attackers obtain direct access to the company’s local network from the Internet. This attack does not require access to any accounts, and therefore
Citrix users face attack as RCE vulnerability is probed Read More »
In a statement posted on Twitter, Foreign Exchange specialist Travelex confirms that its systems had been subject to a cyberattack on New Years Eve and that many systems and services had been taken offline as a precaution. Four days into the incident, the main Travelex UK home page was still displaying an ASP.NET default error
Travelex offline due to cyber-attack Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.