The last ever Windows 7 Patch Tuesday update also includes a fix to a long standing bug in the Windows cryptographic library (CryptoAPI) which could allow attackers to spoof digital certificates and conduct man-in-the-middle attacks. Microsoft has long warned that January 2020 was the end of support for Windows 7, meaning that this is expected […]
Final Windows 7 Patches and critical security bug fixed Read More »
New versions have been released for the four popular implementations of VNC after Kaspersky discovered thirty-seven vulnerabilities in the software VNC (or Virtual Network Computing) is a system that allows one device to access the screen and control the keyboard and mouse of another device. Using the Remote Frame Buffer (RFB) protocol, VNC has been
VNC Vulnerabilities patched Read More »
HP has issued a critical firmware update for a large number of their SSD drives which will fail after 32768 hours of operation. The defect in the firmware for the SSD drives will cause them to fail and all data on the drive to be permanently lost after 32,768 hours of operation. That’s 3 years,
Integer overflow flaw hits HP SSD Read More »
There are just two patch Tuesdays left until Windows 7 and Windows Server 2008 reach their end of support cut off in January 2020. Organisations that are unable (or unwilling) to make the leap to Windows 10 do have the option to purchase extended support from Microsoft. Exactly how Volume Licensing customers can do this
Windows 7 and Server 2008 support ends January Read More »
Bluekeep is serious vulnerability in the RDP protocol affecting Windows systems. After months of waiting, active exploits have now been spotted in the wild for the first time, attempting to install cryptomining malware on the vulnerable systems. Security researcher Kevin Beaumont has been running a network of honeypots in an attempt to capture Bluekeep malware in
Bluekeep exploits seen in the wild Read More »
The September Patch Tuesday release from Microsoft included 18 critical fixes and 79 in total. The fixes include several Remote Code Execution vulnerabilities: RDP client-side remote code execution vulnerabilities Four remote code execution vulnerabilities were fixed in the Remote Desktop Services client. If a user can be tricked into connecting to a malicious RDP server
RCE bugs fixed in patch Tuesday for September Read More »
Symantec Endpoint Protection for Windows 7 and Server 2008 R2 is blocking Windows updates since August 2019. Back in April 2019 we reported that Microsoft planned to amend the way it digitally signed Windows updates in order to protect against supply chain attacks and ensure only valid, unmodified Microsoft issued patches are installed. This change
Symantec blocks Windows Server 2008 updates Read More »
A potential remote code execution vulnerability has been discovered in the popular GPL-licensed FTP server ProFTPD ProFTPD is running on over a million servers exposed to the internet. It is included in several Linux distros including Debian, Suse and Ubuntu. The flaw, tracked under CVE-2019-12815 lives in the mod_copy module. The flaw allows an unauthenticated user to
1 million ProFTPD servers vulnerable to RCE Read More »
Microsoft’s July Patch Tuesday updates resolve 77 vulnerabilities in Windows software, including two zero-day vulnerabilities which are being actively exploited and remote code execution vulnerabilities in DHCP Server and MS SQL Server. DHCP Server RCE vulnerability If you have your Microsoft DHCP server configured with a failover server, an attacker can send a specially crafted
July patch Tuesday fixes RCE in DHCP Read More »
Since early May, the city of Baltimore has struggled to recover IT systems following a ransomware attack that has left many departments unable to function or even send and receive emails. Citizens have been unable to complete house sales, pay their water bills or receive health alerts. The RobbinHood malware that has attacked the city’s
The importance of Cybersecurity basics Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.