SecureTeam

November Patch Tuesday fixes 12 RCE vulnerabilities

The November security patch bundle from Microsoft fixes 112 security vulnerabilities in their products, including 12 Remote Code Execution vulnerabilities. Noteworthy vulnerabilities fixed this month include: Windows Kernel Local Elevation of Privilege: CVE-2020-17087 Observed under active attack in the wild by Google, CVE-2020-17087 is an elevation of privilege vulnerability that was being used in […]

November Patch Tuesday fixes 12 RCE vulnerabilities Read More »

Adobe issues Acrobat security patches

News, Vulnerabilities / Ian Reynolds

Adobe has issued patches for critical vulnerabilities in their Acrobat and Acrobat Reader software widely used for creating and reading PDF documents. 12 fixes are included in the latest security updates, three are rated as Critical as they can be exploited to achieve arbitrary code execution. In other words, this means simply opening a specially

Adobe issues Acrobat security patches Read More »

Windows 0-day vulnerability disclosed

News, Vulnerabilities / Ian Reynolds

Google’s Project Zero has disclosed the details of a Windows 0-day vulnerability under active attack which affects all versions from Windows 7 through to Windows 10. No patch is yet available from Microsoft but one is expected in the November 2020 patch Tuesday updates. Last week we published details of a Chrome Browser 0-day vulnerability

Windows 0-day vulnerability disclosed Read More »

The Top 10 vulnerabilities being exploited today

Articles, Information Assurance / Ian Reynolds

The NSA (National Security Agency) recently published a security advisory about the publicly known vulnerabilities currently being exploited by Chinese state-sponsored actors. While this security advisory is focused on the activities of state-sponsored actors, it does show the threats and vulnerabilities considered most useful for exploitation. Taking a quick look at the list could provide

The Top 10 vulnerabilities being exploited today Read More »

WordPress force updates a million sites to fix SQLi flaw

News, Vulnerabilities / Ian Reynolds

Last week an SQL injection vulnerability was discovered in the popular Loginizer plugin used by over a million WordPress sites. Such was the risk, WordPress took the unusual step of forcing updates into sites that use the plug-in – even those with auto-update turned off. The flaw in Loginizer can be exploited by an attacker

WordPress force updates a million sites to fix SQLi flaw Read More »

Sonicwall critical Firewall RCE vulnerability

News, Vulnerabilities / Ian Reynolds

Sonicwall has released patches to fix a denial of service and remote code execution vulnerability in their Network Application Security appliances (virtual firewalls). The vulnerability exists in the code which handles SSL VPN access – meaning it is usually exposed to the public internet. The vulnerability was discovered by researchers at Tripwire who describe the

Sonicwall critical Firewall RCE vulnerability Read More »

October Patch Tuesday includes critical Windows TCP/IP vulnerability

News, Vulnerabilities / Ian Reynolds

October’s security patch bundle from Microsoft resolves 87 vulnerabilities, 12 rated as critical. One of these is a flaw in the Windows TCP/IP stack which can result in a server crash or remote code execution simply by sending a specially crafted ICMPv6 request. While it is technically challenging to achieve a remote code execution, the

October Patch Tuesday includes critical Windows TCP/IP vulnerability Read More »

Microsoft Defender now updates OS image files

News, Tools / Ian Reynolds

Whenever a new Windows device is booted from an image, there is a period of time when the machine is live and on the network, but it is missing operating system security patches and Microsoft Defender updates. This new-born system is at its most vulnerable until the missing patches and updates have been applied. If

Microsoft Defender now updates OS image files Read More »

Critical Domain Controller Flaw Requires Urgent Patching

News, Vulnerabilities / Ian Reynolds

A critical vulnerability in Microsoft Netlogon was patched in the August patch cycle – but was so dangerous that details were not made public until September when (hopefully) many systems would have been patched. If you have not applied the August patch bundle to your domain controllers stop reading and go do it now. Really

Critical Domain Controller Flaw Requires Urgent Patching Read More »

TeamViewer fixes credential theft vulnerability

News, Vulnerabilities / Ian Reynolds

TeamViewer Gmbh have released a patch for their Windows Desktop client to fix a credential leaking vulnerability which could allow a malicious webpage to obtain the hashed NTLM credentials of the active Windows user account. A simple flaw (CVE-2020-13699) in the way the TeamViewer desktop client handles custom URI handlers means a malicious webpage can

TeamViewer fixes credential theft vulnerability Read More »

vulnerability management

November Patch Tuesday fixes 12 RCE vulnerabilities

Adobe issues Acrobat security patches

Windows 0-day vulnerability disclosed

The Top 10 vulnerabilities being exploited today

WordPress force updates a million sites to fix SQLi flaw

Sonicwall critical Firewall RCE vulnerability

October Patch Tuesday includes critical Windows TCP/IP vulnerability

Microsoft Defender now updates OS image files

Critical Domain Controller Flaw Requires Urgent Patching

TeamViewer fixes credential theft vulnerability

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch