A critical vulnerability has been identified in multiple versions of Atlassian’s Bitbucket Server and Bitbucket Data Center. A recent advisory released by Bitbucket Support explains that all versions after 6.10.17, including 7.0.0 and later, have been affected by this flaw. However, this vulnerability is not present in Atlassian Cloud sites, so users who access Bitbucket […]
Critical Atlassian Bitbucket Vulnerability Read More »
GitLab have published a critical security release this week to notify their users about an update that contains important security fixes. Versions 15.3.1, 15.2.3, and 15.1.5 were released for GitLab Community Edition (CE) and Enterprise Edition (EE), in order to patch a remote code execution (RCE) vulnerability. GitLab is used as a DevOps platform for
GitLab Patch Critical Remote Code Execution Flaw Read More »
A denial-of-service vulnerability was identified this month in Palo Alto Networks PAN-OS software. This week, the Cybersecurity and Infrastructure Agency (CISA), a branch of the US government, have added this vulnerability to their list of known exploited vulnerabilities. Tracked as CVE-2022-0028, this flaw affects the URL filtering policy in multiple versions of PAN-OS running on
Palo Alto Networks Exploited in DoS Attacks Read More »
Apple have released a security update this week to patch two actively exploited zero-day vulnerabilities. Both of these flaws affect Macs using the macOS Monterey operating system, iPhone 6s and later generations, and all models of the iPad Pro. Updates for the operating systems of these affected devices were released on 17th August. Users should
Apple Fix Two Exploited Zero-Day Vulnerabilities Read More »
Google have released a security update this week for the Chrome desktop app for Windows, Mac, and Linux. This update patches 11 vulnerabilities, one of which is a zero-day flaw that is known to be exploited in the wild, and another has been given a critical severity rating. This is the fifth security update for
Chrome Update Fixes Critical and Zero-Day Flaws Read More »
Microsoft’s August patch Tuesday security update included fixes for 138 vulnerabilities, 17 of which were classified as ‘Critical’ flaws. The security patches issued cover 40 different Microsoft and Windows products and features, including critical Windows system operations, and popular applications such as Microsoft Edge, Microsoft Office, and the Microsoft Exchange Server. Two zero-day vulnerabilities were
Microsoft Patches Critical Zero-Day Vulnerabilities Read More »
VMware released a critical security advisory this week to warn users of security vulnerabilities that have been found in a variety of their systems. VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation products have all received security patches to deal with these vulnerabilities. VMware advise all users that it
VMware Patch Critical Authentication Bypass Flaw Read More »
A vulnerability in Atlassian’s Questions for Confluence app has been found that includes hardcoded credentials that remote attackers can exploit to access the Confluence Server or Confluence Data Center it is hosted on. The versions of Questions for Confluence with this vulnerability unpatched are 2.7.34, 2.7.35, and 3.0.2. Atlassian have released a security advisory rating
Critical Confluence Vulnerability Exploited in the Wild Read More »
The Microsoft 365 Defender Research Team have released a security warning to macOS users about a vulnerability they have discovered in Apple’s App Sandbox. The vulnerability tracked as CVE-2022-26706 was first uncovered in October 2021, however a new Proof of Concept (PoC) has been released by Microsoft in two formats, one of which is describe
Proof of Concept Released for MacOS Vulnerability Read More »
An actively exploited Windows Client Server Runtime Subsystem (CSRSS) vulnerability was one of 84 patched in this week’s Microsoft patch Tuesday. First discovered by the Microsoft Threat intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC), CVE-2022-22047 is tracked as a ‘High’ severity vulnerability, with a CVSS rating of 7.8/10. It affects devices running Windows
Publicly Disclosed Windows Vulnerability Patched Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.