Publicly-known Vulnerabilities Exploited by State-sponsored Cyber Threat Actors

In the start of Oct 2020, Cybersecurity and Infrastructure Security Agency (CISA) published an advisory  notifying about vulnerabilities that were exploited in the wild to retrieve sensitive data such as intellectual property, economic, political, as well as military information. According to CISA, in the light of heightened tensions  between U.S. and China, these vulnerabilities were … Continue reading “Publicly-known Vulnerabilities Exploited by State-sponsored Cyber Threat Actors”

Draytek Command Injection Vulnerability (CVE-2020-8515)

Summary: In the first week of May 2020,certain vulnerabilities have been observed that allows command injection in DrayTek devices. DrayTek manufactures firewalls, VPN devices, routers and wireless LAN devices. Successful exploitation could allow an attacker to manipulate and play on network traffic, escalated privileges or accounts even, operate SSH ans as such. Description: DrayTek Vigor … Continue reading “Draytek Command Injection Vulnerability (CVE-2020-8515)”