Security updates for macOS Ventura, macOS Monterey, and macOS Big Sur have been released to address the security vulnerabilities found in these systems. Four critical severity vulnerabilities are included in these updates, all with a CVSS base score of 9.8/10. Not a lot of information is currently available about these flaws, as Apple doesn’t disclose […]
Apple Release Critical MacOS Vulnerability Updates Read More »
A vulnerability in the Google Pixel Markup tool can be used to recover redacted and edited screenshots, leading to sensitive information disclosure. Security researchers Simon Aarons and David Buchanan who discovered the exploit for this vulnerability dubbed it the aCropalypse flaw which signifies the ability to restore cropped and edited images to their original state
Google Pixel Markup Flaw Restores Edited Images Read More »
A critical arbitrary code execution vulnerability is being actively exploited in unpatched Adobe ColdFusion versions 2018 and 2021. A security bulletin was released by Adobe to inform users of this actively exploited vulnerability, along with two other vulnerabilities patched in the same update, a critical severity deserialisation flaw and a memory leak path traversal vulnerability.
Adobe ColdFusion Vulnerability Actively Exploited Read More »
A total of 83 vulnerabilities have been addressed in this month’s patch Tuesday security updates from Microsoft, including two zero-day flaws, and nine vulnerabilities rated as critical severity. Four of these critical severity vulnerabilities specifically affecting Windows 11, and one affecting Microsoft Office, have been included in Microsoft Defender’s default new vulnerabilities notifications sent to
Two Zero-Day Vulnerabilities Fixed in Patch Tuesday Read More »
A zero-day flaw in FortiOS has been found to be exploited in attacks against governmental and other large organisations, resulting in file corruption and data loss. This vulnerability was only considered medium severity, with a CVSS base score of 6.5, however it has been exploited to take down multiple FortiGate firewall devices in a complex
Critical and Exploited Vulnerabilities in FortiOS Read More »
Two out-of-bounds buffer overflow vulnerabilities have been found in the TPM 2.0 system hardware used across all Windows 11 devices. A TPM (Trusted Platform Module) is a processor used for hardware-based cryptographic operations, to secure encryption keys, and protect the boot process by defending against malicious tampering. Microsoft made it a requirement for PCs to
Flaws in Windows 11 Security Hardware TPM 2.0 Read More »
LastPass suffered two large-scale and public data breaches last year, the first in August to steal source code, and the second in November where partially encrypted password vault data and customer information was stolen. Information from the first breach was used to carry out the second attack, and a keylogger was installed on a senior
LastPass Hack Due to Unpatched Software Read More »
A new security update has been released for Android devices, patching a total of 60 vulnerabilities across two security patch levels, including 4 critical severity flaws. The March Android Security Bulletin lists each vulnerability, it’s type, and the severity, however detailed information about each flaw has not yet been released to allow users to apply
Android Update Fixes Critical Vulnerabilities Read More »
Two critical severity vulnerabilities are being actively exploited by attackers in a WordPress plugin theme called Houzez. This theme is a premium plugin often used to create websites for organisations in the real estate industry. Houzez is a theme produced by the vendor ThemeForest, who fixed the first of these vulnerabilities in August 2022, and
Exploited Critical Flaws in WordPress Theme Plugin Read More »
Security vulnerabilities have been identified in Citrix Virtual Apps and Desktops, and Citrix Workspace app for Windows and Linux. A total of 4 vulnerabilities have been addressed in the latest updates for these Citrix products which if exploited would allow attackers to perform elevation of privileges and take control of the system. These flaws have
Citrix Privilege and Access Control Vulnerabilities Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.