+44 (0)203 88 020 88

Menu

Search

cyber security news

Critical 2018 Vulnerability Actively Exploited in TBK

A five-year-old authentication bypass vulnerability present in TBK DVR4104 and DVR4216 TBK Vision devices is being actively exploited in attacks. TBK DVR (digital video recording) devices are sold under other brand names including Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR. The wide range of rebrands

Critical 2018 Vulnerability Actively Exploited in TBK Read More »

Cisco Zero-Day Cross-Site Scripting Vulnerability

Cisco Prime Collaboration Deployment software has been found to have a zero-day vulnerability that could allow for cross-site scripting attacks to take place. The Cisco Prime Collaboration Deployment application is a server management tool which can assist in the migration of older software version clusters to new virtual machines, as well as performing fresh installs,

Cisco Zero-Day Cross-Site Scripting Vulnerability Read More »

EvilExtractor Sold as ‘Educational Tool’ is Info Stealer

EvilExtractor is an info stealer malware tool designed for data theft attacks on Windows operating systems. Researchers at Fortinet’s threat research group FortiGuard Labs have published an analysis of this tool detailing the attack method for this malware, and its impact on its victims. The research concluded that although there are no specific industries targeted

EvilExtractor Sold as ‘Educational Tool’ is Info Stealer Read More »

New Chromium OSS Zero-Day Actively Exploited

Another zero-day vulnerability has been identified in the Google Chrome desktop application, just days after the previous emergency update was released. Microsoft have determined this to be a publicly disclosed vulnerability with a verified exploit. The stable channel update for desktop version 112.0.5615.137 was released last week for Windows and Mac, with the Linux update

New Chromium OSS Zero-Day Actively Exploited Read More »

Critical Vulnerabilities Patched by VMware

A security update has been released by VMware to patch two vulnerabilities in VMware Aria Operations for Logs products, which were previously called vRealize Log Insight. VMware vRealize Log Insight products had multiple remote code execution vulnerabilities that were addressed in January which could be exploited together in an attack chain. This new update addresses

Critical Vulnerabilities Patched by VMware Read More »

NCSC Warn of Jaguar Tooth Malware on Cisco Routers

Unpatched Cisco IOS routers are being targeted by Russian state-backed threat actor APT28 to deploy ‘Jaguar Tooth’ malware by exploiting a vulnerability from 2017. The National Cyber Security Centre (NCSC) have published a malware analysis report investigating this non-persistent malware recently seen to be infecting Cisco IOS routers using firmware C5350-IS-M version 12.3(6). A joint

NCSC Warn of Jaguar Tooth Malware on Cisco Routers Read More »

Apple Patch Zero-Day with Publicly Disclosed Exploit

Emergency security updates have been released by Apple for macOS, iOS, iPadOS, and Safari to patch two zero-day vulnerabilities, one of which has a publicly disclosed exploit. The other zero-day flaw addressed in these updates is also reported to be actively exploited in the wild. These emergency updates by Apple have been published less than

Apple Patch Zero-Day with Publicly Disclosed Exploit Read More »

Critical Vulnerability in HP Enterprise Printers

HP Enterprise LaserJet and HP LaserJet Managed printers that use FutureSmart version 5.6 and have enabled IPsec could be vulnerable to a disclosed, unpatched, critical severity vulnerability that HP have warned will take 90 days to remediate. A security bulletin was released by HP this week to inform customers of this vulnerability which includes an

Critical Vulnerability in HP Enterprise Printers Read More »

0

No products in the basket.

No products in the basket.