Tag: Vulnerability

Detect Wormable RCE Vulnerability (CVE-2021-31166) in Windows HTTP.sys

Microsoft has recently fixed a highly critical bug (CVE-2021-31166), which enables remote code execution with kernel rights on the machines running Windows 10 and Windows Server. The vendor warns that this flaw is wormable and could self-propagate across multiple servers inside the organizational network to cause maximum harm. The Proof of Concept (PoC) exploit has […]

Read More
Detecting FragAttacks: Overview of Newly Discovered WiFi Flaws

Yet another time security practitioners should brace themselves and check their coffee supplies due to a set of recently identified vulnerabilities in the Wi-Fi standard. Collectively called FragAttacks, these flaws affect nearly all wireless-enabled devices and allow adversaries to take control over the vulnerable systems to intercept secret information. Mathy Vanhoef, a security expert who […]

Read More
Detect Privilege Escalation Vulnerabilities (CVE-2021-21551) in Dell BIOS Driver

Dell computers worldwide are potentially vulnerable to attacks due to high-severity flaws introduced back in 2009. According to experts, a set of five issues tracked together as CVE-2021-21551 affects Dell DBUtil driver and allows adversaries to gain kernel-mode privileges on the affected machines. Although CVE-2021-21551 has been present in the driver for more than a […]

Read More
Ivanti Patches Critical Pulse Connect Secure Flaws Under Active Exploitation

On May 3, 2021, Ivanti issued a security update addressing highly critical security holes in its Pulse Connect Secure SSL VPN appliance. The flaws have been reportedly used by APT actors to target government agencies, critical infrastructure objects, and private firms across the U.S. Pulse Connect Secure Vulnerabilities According to the CISA security alert from […]

Read More
Pulse Connect Secure Vulnerabilities Are Exploited in Ongoing Attacks Against High-Profile Targets

On April 20, 2021, US-CERT issued an alert warning about an ongoing malicious campaign abusing vulnerable Pulse Connect Secure products to attack organizations across the US. The campaign broke forth in June 2020 and involved multiple security incidents affecting government agencies, critical infrastructure assets, and private sector organizations. Threat actors rely on a set of […]

Read More
CVE-2017-11882: Two-Decades-Old Vulnerability in Microsoft Office Still Actively Leveraged For Malware Delivery

Despite being patched for three years already, hackers reportedly rely on an old remote code execution vulnerability in Microsoft Office (CVE-2017-11882) to infect victims with malware. According to the threat analysis report from HP Bromium, the flaw accounts for nearly three-quarters of all exploits leveraged in Q4 2020. CVE-2017-11882 Description CVE-2017-11882 is a memory corruption […]

Read More
Operation Exchange Marauder

HAFNIUM APT Exploits Microsoft Exchange Zero-Days to Steal Data and Install Malware In January 2021, security researchers from Violexity revealed a long-term malicious operation launched by China-affiliated HAFNIUM APT against a number of unnamed organizations. Threat actors leveraged a set of previously undisclosed zero-day vulnerabilities in Microsoft Exchange to access sensitive corporate information and perform […]

Read More
IBM QRadar Remote Code Execution Vulnerability (CVE-2020-4888) Detection

On January 27, 2021, IBM released an official patch for a serious remote code execution vulnerability affecting its QRadar SIEM. CVE-2020-4888 Description The security hole occurs because the Java deserialization function fails to deserialize a user-supplied input securely. As a result, remote low-privileged hackers can execute arbitrary commands on the affected system by sending a […]

Read More
Critical Unauthorized Remote Code Execution in VMware vCenter (CVE-2021-21972)

On February 23, 2021, VMware addressed a critical unauthorized remote code execution (RCE) bug (CVE-2021-21972) in its default vCenter Server plugin. Right after the announcement and the advisory release, threat actors started mass scans for publicly exposed instances. To date, researchers have detected 6700 VMware vCenter servers exposed to the attacks. As far as public […]

Read More
Microsoft Addressed a 12-Years-Old Privilege Escalation Vulnerability in Windows Defender

In February 2021, Microsoft patched a privilege escalation bug in Microsoft Defender Antivirus (formerly Windows Defender) that might provide threat actors with the ability to gain admin rights on the vulnerable host and disable pre-installed security products. SentinelOne experts, who revealed the issue, report that the flaw was introduced back in 2009 and stayed undisclosed […]

Read More