Apple Zero-Day Arbitrary Code Execution Vulnerabilities (CVE-2021-30858 and CVE-2021-30860)

Apple issued an emergency security release on September 13, 2021 to address two arbitrary code execution vulnerabilities, CVE-2021-30858 and CVE-2021-30860. According to Apple, both vulnerabilities allow maliciously crafted documents to execute arbitrary code on vulnerable devices. Apple addressed the issue saying, “Apple is aware of a report that this issue may have been actively exploited.” …

Most Exploited Vulnerabilities in the Pandemic and Pre-pandemic Era

In July 2021, the Cybersecurity and Infrastructure Security Agency (CISA), together with the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI), published an advisory on the top 30 vulnerabilities exploited in the wild to retrieve sensitive data such as intellectual …

Microsoft Exchange Server Remote Code Execution Vulnerabilities (4 zero days – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)

Microsoft has released patches for the four zero-days exploited in the attacks (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065), which were discovered during the subsequent investigation. These bugs had been observed by the Microsoft Threat Intelligence Center (MSTIC) since January 2021. The OS giant said that Hafnium operators used the four Exchange zero-days as part of a multi-part attack chain to …

SolarWinds Full System Control Vulnerabilities (CVE-2021-25274, CVE-2021-25275, CVE-2021-25276)

Three critical vulnerabilities were observed in SolarWinds products. All of these severe bugs allow remote code execution with high privileges. At the time this blog was published, no active PoC had been seen in the wild. CVE-2021-25274 – MSMQ Remote Code Execution: the SolarWinds Collector Service uses MSMQ (Microsoft Message Queue), and it doesn’t set permissions …

URGENT/11 – Programmable Logic Controllers Vulnerabilities (CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263, CVE-2019-12265, CVE-2019-12259, CVE-2019-12264, CVE-2019-12262, CVE-2019-12258, CVE-2019-12257, CVE-2019-12256)

URGENT/11 is a set of vulnerabilities affecting operational technology (OT) devices, and CDPwn is a set affecting Cisco devices; both were reported by the IoT security firm Armis. Despite fixes being delivered in 2019, Armis researchers observed that 97% of the OT devices impacted by URGENT/11 and 80% of the devices affected by CDPwn remained vulnerable/unpatched. Ben …

FireEye Discloses Breach – Theft of Cybersecurity Tools

On December 8, 2020, FireEye – a $3.5 billion enterprise – disclosed the theft of its Red Team tools. Red Team tools are essentially built from malware that the company has seen used in a wide range of attacks. FireEye says the hackers now have a powerful collection of new techniques to draw upon. The stolen …

SaltStack Framework Critical Vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592)

Overview: SaltStack recently announced three severely critical bugs and recommended that users prioritize and immediately apply the appropriate patches. Let’s look at the three bugs one by one: CVE-2020-16846 – If the SSH client is enabled, sending crafted requests to the Salt API results in shell injection. Thus, a client with network access to the SaltStack Salt API …

Cisco IOS and IOS XE Multiple Vulnerabilities

Multiple critical vulnerabilities, including authorization bypass, denial of service (DoS) and arbitrary code execution, were observed in various Cisco IOS and IOS XE devices in September 2020. Cisco published a collated report of all 34 vulnerabilities as advisory ERP-74268. In its semi-annual report, published on Sept 24, 2020, Cisco released bundles …