Tag: Vulnerability

Unpatched NTFS Zero-Day in Windows 10 Damages Hard Drive with a Single File View

The information security analyst Jonas L has discovered an alarming bug in Windows 10 that might corrupt any hard drive (HD) relying on the NTFS formatting. A zero-day flaw remains unpatched despite the researcher has pointed up to it since autumn 2020. NTFS Vulnerability Analysis The NTFS zero-day vulnerability exists in Windows 10 build 1803, […]

Read More
CVE-2020-29583: Secret Backdoor Vulnerability in Zyxel Products

Threat actors exploit a recently discovered Zyxel secret backdoor in the wild. It’s high time to patch since adversaries are instantly searching for vulnerable installations to gain momentum before updates are installed. CVE-2020-29583 Overview The bug occurs since a number of Zyxel products incorporate an undocumented root account leveraging hardcoded login details accessible in the […]

Read More
Zoho ManageEngine ServiceDesk Plus Vulnerability Detection and Mitigation

Zoho ManageEngine ServiceDesk Plus Exploit Detection Security researchers warn that hackers continue to exploit Zoho ManageEngine ServiceDesk Plus (SDP) vulnerability in the wild. Despite the patch released in Q1 2019, many instances remain vulnerable, allowing adversaries to deploy web shell malware and compromise targeted networks. CVE-2019-8394 Analysis The vulnerability (CVE-2019–8394) was disclosed on February 18, […]

Read More
CVE-2020-14882

In late October 2020, the world of cybersecurity spotted malicious activity targeted at the Oracle WebLogic servers. This activity took the form of recurring exploitation of a RCE weakness in the Oracle WebLogic server console component known as CVE-2020-14882. This CVE was rated as critical by gaining 9,8 scores on the CVSS scale.  CVE-2020-14882 Overview […]

Read More
Cloud Security Challenges for Enterprise

Cloud services are an irreplaceable part of modern enterprise infrastructure, over 70% of the world’s organizations fully or partially operate on the cloud as reported by Cloud Security Alliance. Cloud service providers also provide extra security measures, such as automated threat detection. But according to statistics, up to 90% of all cybersecurity professionals are now […]

Read More
Proactive detection content: CVE-2019-0708 vs ATT&CK, Sigma, Elastic and ArcSight

I think the most of security community has agreed that CVE-2019-0708 vulnerability is of critical priority to deal with. And while saying “patch your stuff!” feels like the first thing that one should think of, the memories of WannaCry and NotPetya are still fresh in my mind. We know that patching ain’t gonna happen at […]

Read More