SonicWall SMA 100 Series 10.X Zero-Day Vulnerability
SonicWall is one of the latest IT security vendors, after Microsoft, FireEye, and Malwarebytes, to confirm a breach in recent weeks. All vendors disclosed cyberattacks related to the massive SolarWinds attack campaign targeting major US government agencies and businesses. SonicWall has issued a security advisory addressing a patch for the zero-day vulnerability used in attacks …
Author: Vivek Chanchal
SolarWinds Backdoor Supply Chain Attack
On December 8, 2020, FireEye disclosed the theft of their Red Team assessment tools. FireEye has confirmed that the attack leveraged trojanized updates to the SolarWinds Orion platform, which is used by organizations to monitor and manage IT infrastructure. Communications at the U.S. Treasury and Commerce Departments were also compromised by a highly skilled manual supply chain …
Microsoft Windows Kernel Zero-Day Vulnerability Alert
Security researchers from Google’s Project Zero disclosed a zero-day vulnerability (tracked as CVE-2020-17087) in the Windows operating system yesterday; it is currently being exploited in the wild. According to Google’s Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov, the bug allows an attacker to escalate their privileges in Windows. Attackers are abusing the …
Pulse Connect Secure Remote Code Execution via Uncontrolled Gzip Extraction (CVE-2020-8260)
On Oct 26th, 2020, Pulse issued a security advisory addressing multiple vulnerabilities of high severity in Pulse appliances. Among the multiple vulnerabilities, CVE-2020-8260 was identified as a Remote Code Execution vulnerability via Uncontrolled Gzip Extraction with a CVSSv3 base score of 7.2. Vulnerability Details: Security researchers Richard Warren and David Cash of NCC Group Research …
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-16952)
On Oct 14th, 2020, Microsoft issued a security advisory addressing CVE-2020-16952, a Remote Code Execution vulnerability in Microsoft SharePoint Servers with a CVSS score of 7.3 and severity marked as Critical. Vulnerability Details: Security researcher Steven Seeley (mr_me) of the Qihoo 360 Vulcan Team discovered and reported the Authenticated Remote Code Execution vulnerability (CVE-2020-16952). This …
WordPress File Manager Plugin Remote Code Execution Vulnerability
Overview: On 1st September 2020, researchers at Wordfence published a blog regarding a remote code execution vulnerability in the WordPress File Manager plugin. Successful exploitation of this vulnerability allows unauthenticated remote attackers to execute commands and upload malicious files and shells on a target website. The vulnerability currently does not have any CVE assigned to it …
Pulse Connect Secure And Policy Secure Code Injection Vulnerability (CVE-2020-8218)
On July 29th, 2020, Pulse issued a security advisory addressing multiple vulnerabilities in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) with severity marked as High. Among the multiple vulnerabilities, CVE-2020-8218 was identified as a Code Injection vulnerability with a CVSSv3 base score of 7.2. Vulnerability Details: PPS is a standards-based and scalable NAC solution …
Windows Print Spooler Elevation of Privilege Vulnerability (CVE-2020-1337)
On Aug 11th, 2020, Microsoft issued a security advisory addressing the Elevation of Privilege vulnerability (CVE-2020-1337) in the Windows Print Spooler service. The vulnerability has a CVSS score of 7.8 and severity marked as Important. Vulnerability Details: Windows Print Spooler is a service that participates in the Print Services system. Windows Print Spooler service was found …
Microsoft Windows Elevation of Privilege Vulnerability (CVE-2020-1313)
On June 9th, 2020, Microsoft issued a security advisory addressing an Elevation of Privilege vulnerability (CVE-2020-1313) in the Windows Update Orchestrator Service that has a CVSS score of 7.8 and severity marked as Important. Vulnerability Details: Windows Update Orchestrator Service is a DCOM service which is used by other components to install Windows updates that are already …
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-1147)
On July 14th, 2020, Microsoft issued a security advisory addressing CVE-2020-1147, a Remote Code Execution vulnerability in Microsoft SharePoint Servers with a CVSS score of 7.8 and severity marked as Critical. Vulnerability Details: CVE-2020-1147 is a critical vulnerability caused by insufficient checks of the source markup of the XML file input that could be further exploited …