Kaseya, a Florida-based software provider, stated that their businesses have been impacted by the ransomware attack last Friday, July 2. According to the gang's dark web blog, the REvil gang, also known as Sodinokibi, has asked for a payout of $70 million to unlock what it claims to be “more than a million systems.” The ransom …
Microsoft Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527)
A zero-day exploit which allows authenticated users with a regular Domain User account to gain full SYSTEM-level privileges was observed on June 29, 2021 on a fully patched Windows system. Named PrintNightmare and tracked as CVE-2021-34527, it was disclosed by Microsoft on July 1, 2021. PrintNightmare (CVE-2021-34527) is a vulnerability that allows an attacker with a …
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
An old bug fixed by Cisco is again in the news for being actively exploited in the wild. Cisco had published advisory cisco-sa-asaftd-xss-multiple-FCB3vPZe on 21 October 2020 to address the bug, CVE-2020-3580.
About the Vulnerability
This vulnerability exists due to insufficient validation of user-supplied input by the web services interface of an affected device. …
Dell Client Platform BIOSConnect and HTTPS Boot Multiple Vulnerabilities (DSA-2021-106, CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574)
Dell Technologies published an advisory on June 24, 2021 notifying customers of a set of vulnerabilities that can be combined to impersonate Dell.com and take control of the target devices’ boot process to break OS-level security controls. The vulnerabilities affect a wide range of Dell systems. Dell recommends that all customers update to the latest …
SonicWall Buffer Overflow Vulnerability (SNWLID-2021-0006, CVE-2021-20019)
Tracked as CVE-2021-20019, a vulnerability was observed in SonicOS where the HTTP server response leaks partial memory when the server receives a crafted unauthenticated HTTP request. This can potentially lead to an internal sensitive data disclosure vulnerability. The shortcoming was rectified in an update rolled out to SonicOS on June 22. However, there is no evidence that …
Google Chrome Zero-Day Use-After-Free Vulnerability (CVE-2021-30554)
The seventh zero-day of Google Chrome was the talk of the town in mid-June 2021, two weeks after the sixth zero-day was observed in the wild. The earlier six zero-days were:
CVE-2021-21148 – February 4th, 2021
CVE-2021-21166 – March 2nd, 2021
CVE-2021-21193 – March 12th, 2021
CVE-2021-21220 – April 13th, 2021
CVE-2021-21224 – April 20th, 2021
…
Microsoft Windows June 2021 Zero-day Vulnerabilities
On the June 2021 Patch Tuesday, Microsoft addressed 50 vulnerabilities; of these, 5 were critical and 45 were important bugs. 3 vulnerabilities were previously known, and 6 are being actively exploited by attackers. The 6 exploited vulnerabilities are: CVE-2021-31955, CVE-2021-31956, CVE-2021-33739, CVE-2021-33742, CVE-2021-31199, and CVE-2021-31201. CVE-2021-31955 and CVE-2021-31956 are Windows Kernel Information Disclosure vulnerabilities …
Google Chrome Zero-day Type Confusion Vulnerability
The sixth zero-day of Google Chrome was the talk of the town during the June 2021 Patch Tuesday. The earlier 5 zero-days were:
CVE-2021-21148 – February 4th, 2021
CVE-2021-21166 – March 2nd, 2021
CVE-2021-21193 – March 12th, 2021
CVE-2021-21220 – April 13th, 2021
CVE-2021-21224 – April 20th, 2021
Google states that they are “aware …
VMware vCenter Server Multiple Vulnerabilities (CVE-2021-21986, CVE-2021-21985)
On 25th May 2021, VMware released a security advisory to address two vulnerabilities (CVE-2021-21986, CVE-2021-21985) for vCenter Server. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on the vulnerable system. VMware has assigned critical severity for CVE-2021-21985 with a maximum CVSSv3 base score of 9.8. The severity of CVE-2021-21986 …
Pulse Connect Secure Authenticated Arbitrary Code Execution Vulnerability (CVE-2021-22908)
Pulse Connect Secure (PCS) gateway contains a buffer overflow vulnerability in Samba-related code that may allow an authenticated remote attacker to execute arbitrary code. By performing certain SMB operations with a specially crafted server name, an authenticated attacker may be able to execute arbitrary code with root privileges on a vulnerable PCS server. PCS allows to …