Last month, it was discovered that Microsoft Teams users could be leaving the doors open for malicious entities on their computers to access their credentials. Here’s everything you need to know about the vulnerability, first discovered by the Vectra Protect team: What is the vulnerability in the Microsoft Teams desktop app? The team recently uncovered… Continue reading On the Microsoft Teams desktop app? Watch your credentials and tokens!
Atlassian is urging users to take action on a critical vulnerability found in its Questions for Confluence app – one of three major bugs announced last week. With Confluence in use across millions of systems for project management and collaboration needs, a critical vulnerability in the product has the potential to cause huge damage if… Continue reading How to fix CVE-2022-26138 in Atlassian
As the world’s largest software vendor, it probably stands to reason that critical Windows vulnerabilities appear more often than others. Even though Microsoft is typically very fast to release patches—either on Patch Tuesday, the second Tuesday of every month, or as an out-of-band release in an emergency—getting those patches implemented across your entire organization isn’t… Continue reading The top Windows vulnerabilities in June 2022 (Printnightmare and more)
On March 30, 2022, a Chinese researcher published a GitHub commit that contained an exploit code for a zero-day vulnerability of unauthenticated remote code execution in the Spring Framework. The new RCE vulnerability CVE-2022-22965 is also being nicknamed: Spring4Shell. Here’s everything you need to know: What is the Spring4Shell vulnerability? At this time, in order… Continue reading Is the new zero-day vulnerability “Spring4Shell” the next log4shell? Learn how to mitigate
On February 10, Apple released an urgent update for iOS, iPadOS and MacOS to fix the dangerous zero-day CVE-2022-22620 vulnerability. While Apple does not disclose vulnerabilities until after they have completed their research and most users have patches in place, they recommend updating devices as soon as possible. Meanwhile, CISA have ordered federal agencies to… Continue reading How to fix the zero day CVE-2022-22620 vulnerability