Monday, 30 August, 2021 |
|
Description | CVE |
Monday, 30 August, 2021 |
|
A flaw in Microsoft’s Azure Cosmos DB database product left more than 3,300 Azure customers open to complete unrestricted access by attackers. The vulnerability was introduced in 2019 when Microsoft added a data visualization feature called Jupyter Notebook to Cosmos DB. The feature was turned on by default for all Cosmos DBs in February 2021.
The flaw was detected in a visualization tool called Jupyter Notebook, and has been available for years. This flaw was enabled by default in Cosmos starting in February.
Sunday, 15 August, 2021 |
|
CVE-2021-36958 is a remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.
An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Microsoft has not yet released patches to address this vulnerabilities. Please refer the Recommendation section for information on how to protect system from this vulnerability.
Thursday, 12 August, 2021 |
|
Microsoft has released patches for 44 vulnerabilities, with 7 classified as Critical and 37 as Important, including 3 Zero-days with one actively exploited in the wild.
The fix for three zero-day vulnerabilities include:
CVE-2021-36948 Windows Update Medic Service Elevation of Privilege Vulnerability
CVE-2021-36942 Windows LSA Spoofing Vulnerability
CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability
Monday, 9 August, 2021 |
|
A critical security vulnerability in a subset of Cisco Systems’ small-business VPN routers could allow a remote, unauthenticated attacker to take over a device and could allow an attacker to do the following:.
Monday, 2 August, 2021 |
|
Advisory coauthored by The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.
Tuesday, 27 July, 2021 |
|
As per SonicWall security notice, threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials.
Monday, 26 July, 2021 |
|
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Account Manager (SAM) database.
An attacker could exploit this vulnerability (CVE-2021-36934) to gain elevated privileges. An attacker with low level privileges would need to take advantage of the incorrect permissions set on the SYSTEM and SAM hives.
Sunday, 18 July, 2021 |
|
Wednesday, 14 July, 2021 |
|
SolarWinds was recently notified by Microsoft of a security vulnerability (CVE-2021-35211) related to Serv-U Managed File Transfer Server and Serv-U Secured FTP. The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A hotfix to resolve this vulnerability has been published,.
Wednesday, 14 July, 2021 |
|
Thursday, 1 July, 2021 |
|
Sunday, 20 June, 2021 |
|
Four high severity vulnerabilities in Google Chrome has been discovered and we are aware that one with (CVE-2021-30554) exploit exist in the wild. It is suggested to apply the recommendations below in order to prevent security incidents from happening.
Thursday, 17 June, 2021 |
|
Thursday, 10 June, 2021 |
|
Intel has released 29 advisories on the 8th of June to patch multiple products that addresses 73 vulnerabilities, of which 23 are high severity. Please follow the recommendation bellow to mitigate the vulnerabilities.
Among these security patches, Intel has addressed vulnerabilities related to local privilege escalations in the Intel Processor Firmware and network privilege escalation in Intel Security Library.
Thursday, 10 June, 2021 |
|
A new high severity vulnerability in Google Chrome has been discovered. We are aware that exploits exist in the wild, and has been reported targeting MENA. It is suggested to apply the recommendations below in order to prevent security incidents from happening.
Wednesday, 9 June, 2021 |
|
Adobe has released security updates for multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
This collection of security updates addresses vulnerabilities in different products and includes fixes for 24 Critical severity flaws in the following products:
Wednesday, 9 June, 2021 |
|
Microsoft has released its June 2021 security update with 55 critical and important vulnerabilities in multiple products. A threat actor PuzzleMaker has been exploiting both CVE-2021-31955 and CVE-2021-31956 while utilizing unpatched Chrome (CVE-2021-21220).
Six zero-day vulnerabilities are being actively exploited:
Thursday, 3 June, 2021 |
|
Cisco has released security updates for multiple products. It is recommended to apply these security updates as soon as possible to prevent security incidents from happening.
