The October security patch updates include fixes for critical flaws and zero-day vulnerabilities from Microsoft, Apple and Apache. Microsoft October Updates October’s security patch bundle from Microsoft includes fixes for four zero-day vulnerabilities, at least one of which is actively being exploited in the wild. Overall Microsoft fixes 70 vulnerabilities include the first inclusion of […]
October Security Updates Read More »
The September update for Microsoft Exchange includes a new security feature for on-premises servers – they can now automatically mitigate new vulnerabilities just like the cloud versions used by Office 365. The last 12 months have not been fun for Exchange administrators with a series of high-profile vulnerabilities affecting on-premise Exchange servers resulting in the
Exchange can now automatically mitigate new vulnerabilities Read More »
Cyber-criminals have been exploiting the Windows PrintNightmare vulnerability to attack networks around the world. PrintNightmare is the name given to a collection of vulnerabilities in the Windows Print Spooler. According to reports from Talos and CrowdStrike, several threat actors have now incorporated the PrintNightmare vulnerabilities into attacks on their victims networks. The PrintNightmare vulnerabilities were
PrintNightmare vulnerabilities exploited in the wild Read More »
Cisco and Pulse Secure have both issued security advisories warning of critical Remote Code Execution vulnerabilities that affect some of their VPN servers. Pulse Secure Pulse Secure has shipped a patch to resolve several Remote Code Execution vulnerabilities in its Connect Secure VPN appliances. The August release addresses these issues and the vendor ‘strongly advises’
VPN insecurity woes continue for Pulse Secure and Cisco Read More »
A flaw in all versions of Windows 10 and Server 2019 released since November 2018 leaves the Security Account Manager file which contains all the hashed credentials for the PC, open for any user to read. Microsoft has issued a security advisory to track their investigations, but no permanent solution has been released – although
SeriousSAM exposes Windows credentials Read More »
Microsoft has moved swiftly to publish mitigation advice for a new NTLM relay attack against Windows Domain controllers, dubbed PetitPotam. An NTLM relay attack can occur when an attacker inserts themselves between a valid client-server authentication request in a Windows Domain or tricks one system into trying to authenticate itself and so providing a copy
PetitPotam attack leaves Windows Domain Controllers Vulnerable Read More »
SentinelLabs has discovered a severe escalation of privilege vulnerability in a printer driver used by HP, Samsung and Xerox devices since 2005 – affecting over 390 printer models and millions of computers. The vulnerable driver gets installed on Windows systems without any user intervention, simply by plugging in a printer with a USB cable or
16 year old printer bug exposes millions of systems Read More »
July is another bumper month for Microsoft as they ship fixes for 117 security vulnerabilities, 13 of them rated as critical and at least 4 are currently under active attack by cyber criminals. The actively exploited vulnerabilities patched this month are: CVE-2021-34527 – Windows Print Spooler RCE Vulnerability – aka PrintNightmare It’s third time lucky
Microsoft’s July Patches fix 13 critical flaws Read More »
A new report from Microsoft’s security research team details how the Netgear DGN-2200 broadband router can be compromised remotely, allowing attackers access to the internal network. Microsoft’s 365 Defender Research Team has published a detailed report that explains the flaws they discovered in the firmware of the Netgear DGN-2200v1 ADSL router, that enables a remote
Netgear broadband router vulnerable to remote compromise Read More »
Code demonstrating how to exploit an 0day vulnerability in the Windows Print Spooler was accidentally published on GitHub this week. This remote code execution vulnerability can be exploited to take control of a fully patched Windows Domain Controller. In the June 2021 Patch bundle, Microsoft delivered a fix for CVE-2021-1675, an elevation of privilege and
Critical PrintNightmare vulnerability exposes Domain controllers Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.