SecureTeam

Exchange 0-day exploits need patching today

Microsoft has published details and out of cycle patches for several 0-day Exchange exploits under active attack. Microsoft Security Response Center advises: Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect against these exploits and to prevent future abuse across the ecosystem. The exploits have been linked to the […]

Exchange 0-day exploits need patching today Read More »

VMware patches critical RCE in vCenter Server

News, Vulnerabilities / Ian Reynolds

A critical vulnerability in vCenter Server could allow an unauthenticated attacker to execute arbitrary code on the server that hosts vCenter and so take over the system. vCenter Server is used by IT Admins to manage VMware installations and the virtual machines that run in the VMware environment. The vulnerability (CVE-2021-21972) in a plug-in used

VMware patches critical RCE in vCenter Server Read More »

Critical Windows Fax Server Vulnerability Patched – and Why You Should Care

News, Vulnerabilities / Ian Reynolds

In the February 2021 Patch Tuesday security update Microsoft fixed 56 flaws, one zero-day vulnerability and two remote code execution vulnerabilities in the Windows Fax Service. That’s right, someone can send you a fax and take over your Windows system. While you might be tempted to think: ‘who sends faxes these days?’ that is the

Critical Windows Fax Server Vulnerability Patched – and Why You Should Care Read More »

What is the Nat Slipstreaming2.0 Attack?

News, Vulnerabilities / Ian Reynolds

The NAT Slipstreaming2.0 attack exploits the standard support for VOIP routing in NAT routers/firewalls to expose all devices on the internal network to attack from the internet. A new variant of the NAT Slipstreaming attack has been published which extends the attack to abuse the H.323 protocol used by VOIP devices to manage call forwarding.

What is the Nat Slipstreaming2.0 Attack? Read More »

SonicWall and Cisco patch critical vulnerabilities

News, Vulnerabilities / Ian Reynolds

This week both SonicWall and Cisco have released patches for critical vulnerabilities in their networking products. SonicWall zero day The SonicWall vulnerability (CVE-2021-20016) is a zero-day under active attack – in fact it was used to breach SonicWall’s own network in January according to their security advisory. The flaw affects SonicWall SMA 100 series devices

SonicWall and Cisco patch critical vulnerabilities Read More »

Critical SUDO vulnerability discovered

News, Vulnerabilities / Ian Reynolds

A serious bug in the Linux SUDO utility has been discovered that allows any user to gain root privilege on a Linux system. The flaw was discovered by security firm Qualys and they describe it in their blog post as a heap overflow vulnerability that means: any unprivileged user can gain root privileges on a

Critical SUDO vulnerability discovered Read More »

Two thirds of cyber-crimes repeated within 12 months

News / Ian Reynolds

According to a new report, 68% of organisations that suffered a network breach are the victim of a repeat attack within a year. Cyber-criminals assume that organisation will not learn a lesson from the first attack and return in the hope of easy pickings the second time around. The report from cybersecurity response firm Crowdstrike

Two thirds of cyber-crimes repeated within 12 months Read More »

Hackers target Oracle WebLogic vulnerability

News, Vulnerabilities / Ian Reynolds

Oracle patched a vulnerability in their WebLogic server in October 2020 – eight days later working exploit code was published online and now it is being used by criminals. CVE-2020-14882 allows an attacker to perform a Remote Code Execution attack with minimal effort or skill required. Juniper Networks security researchers reports at least five different

Hackers target Oracle WebLogic vulnerability Read More »

VMWare warns of critical zero-day vulnerability

News, Vulnerabilities / Ian Reynolds

VMWare has issued a security advisory warning of a command injection vulnerability that could allow someone with access to the VMWare Configurator admin account to issue command with unrestricted privileges on the underlying operating system. The vulnerability (CVE-2020-4006) affects VMWare Workspace One Access, Access Connector, Identity Manage and Identify Manager Connector administrative configurator. A malicious

VMWare warns of critical zero-day vulnerability Read More »

NCSC alerts over MobileIron vulnerability

News, Vulnerabilities / Ian Reynolds

The UK National Cyber Security Centre has issued an alert warning that multiple actors are attempting to exploit a MobileIron vulnerability to compromise the networks of UK organisations. MobileIron issued a security patch in June 2020 for their Mobile Device Management system to resolve several vulnerabilities in their software. Included was a critical remote code

NCSC alerts over MobileIron vulnerability Read More »

vulnerability management

Exchange 0-day exploits need patching today

VMware patches critical RCE in vCenter Server

Critical Windows Fax Server Vulnerability Patched – and Why You Should Care

What is the Nat Slipstreaming2.0 Attack?

SonicWall and Cisco patch critical vulnerabilities

Critical SUDO vulnerability discovered

Two thirds of cyber-crimes repeated within 12 months

Hackers target Oracle WebLogic vulnerability

VMWare warns of critical zero-day vulnerability

NCSC alerts over MobileIron vulnerability

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch