CISA has released a joint advisory regarding the recently exploited vulnerability in Zoho’s ManageEngine ADSelfService Plus. The advisory urges users to upgrade their tools, as APT attackers are aggressively exploiting a recently identified vulnerability. The FBI, the United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA) collaborated on this joint advisory to highlight the cyber threat … Continue reading “CISA has released an alert for the Zoho ManageEngine ADSelfService Plus authentication bypass vulnerability exploited by APT actors (CVE-2021-40539)”
Author: Diksha Ojha
WordPress Plugin Starter Templates Stored Cross-Site Scripting (XSS) Vulnerability Impacts Over Million Sites (CVE-2021-42360)
Astra Theme’s WordPress plugin fixed an XSS vulnerability that could lead to total site takeover and attacks on visitors. A vulnerability in the Starter Templates – Elementor, Gutenberg, and Beaver Builder Templates plugin can allow contributor-level users to entirely replace any page on the site and implant malicious JavaScript at any time. This vulnerability was first discovered … Continue reading “WordPress Plugin Starter Templates Stored Cross-Site Scripting (XSS) Vulnerability Impacts Over Million Sites (CVE-2021-42360)”
Palo Alto Networks PAN-OS GlobalProtect Portal and Gateway Interfaces Memory Corruption Vulnerability (CVE-2021-3064)
Palo Alto Networks (PAN) released an update addressing the vulnerability CVE-2021-3064. This vulnerability was discovered and disclosed by Randori. This vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN. This VPN allows for unauthenticated remote code execution on susceptible product installations. The zero-day vulnerability has a severity rating of 9.8. The vulnerability chain … Continue reading “Palo Alto Networks PAN-OS GlobalProtect Portal and Gateway Interfaces Memory Corruption Vulnerability (CVE-2021-3064)”
Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability (CVE-2021-42321)
Microsoft has released a patch for a highly severe Exchange Server vulnerability in its November 2021 Patch Tuesday. This vulnerability can allow authenticated attackers to execute codes remotely on vulnerable servers. The CVE-2021-42321 security issue is caused by inappropriate validation of command-let (cmdlet) parameters. To execute this vulnerability, the attacker needs to be authenticated. This vulnerability only affects on-premises Microsoft Exchange servers, including those used by users in Exchange Hybrid … Continue reading “Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability (CVE-2021-42321)”
GitLab Unauthenticated Remote Code Execution Vulnerability (CVE-2021-22205)
GitLab is a web-based DevOps lifecycle solution built by GitLab Inc. providing unrivaled insight and productivity across the DevOps lifecycle in a single application. GitLab has released an update for a significant remote code execution (RCE) vulnerability (CVE-2021-22205) in GitLab’s web interface. This vulnerability has been regularly exploited in the wild and has caused a vast … Continue reading “GitLab Unauthenticated Remote Code Execution Vulnerability (CVE-2021-22205)”
Google Chrome releases emergency updates to address two zero-day vulnerabilities (CVE-2021-38000 and CVE-2021-38003)
Google released an emergency update for its Chrome web browser on Thursday. According to the company, this update includes fixes for two zero-day vulnerabilities (CVE-2021-38000 and CVE-2021-38003) that are being actively exploited in the wild. The new 95.0.4638.69 version is available for Windows, Mac, and Linux and addresses seven vulnerabilities, including these two zero-days. “Google is aware that exploits for CVE-2021-38000 and … Continue reading “Google Chrome releases emergency updates to address two zero-day vulnerabilities (CVE-2021-38000 and CVE-2021-38003)”
Update your devices with Apple’s latest security patches
Apple has been focusing on the security of its devices. One of the most critical actions to keep your Apple product secure is to keep its software up-to-date. Apple has rolled out security updates to older iPhones, iPads, Apple TV, and Watch series. The update consists of: tvOS is 15.1. watchOS is 8.1. macOS is 12.0.1. iOS and iPadOS is 15.1. iOS 14.8.1 and iPadOS 14.8.1 Apple published iOS … Continue reading “Update your devices with Apple’s latest security patches”
Apache mod_proxy Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)
The Apache HTTP Server Project is a group of people working together to create and maintain an open-source, software-based HTTP server for modern operating systems such as UNIX and Windows. This technology is considered among the most widely used web servers on the internet. A Server-Side Request Forgery (SSRF) vulnerability (CVE-2021-40438) has been identified in Apache HTTP Server versions 2.4.48 and older. The vulnerability … Continue reading “Apache mod_proxy Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)”
Microsoft Windows security update for October 2021 addresses four zero-days and 71 flaws
Microsoft October 2021 patch Tuesday has arrived with the latest updates! In this month’s security update, Microsoft has fixed a total of 74 flaws including four zero-day vulnerabilities. Out of these 74 vulnerabilities, three are classified as Critical, 70 as Important, and one as Low. This update covers the products such as Microsoft Office, Exchange Server, MSHTML, Visual Studio, and the Edge … Continue reading “Microsoft Windows security update for October 2021 addresses four zero-days and 71 flaws”
Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)
On Monday, Apple released an iPhone security update to fix a major vulnerability that is being exploited in the wild. With the latest patch, the corporation has now resolved a total of 17 zero-days in 2021 – a new high. The vulnerability CVE-2021-30883 involves a memory corruption flaw in the IOMobileFrameBuffer component. This flaw allows an application to run arbitrary … Continue reading “Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)”
