Vulnerabilities

Researchers Discover 3 WordPress Plugins Leaving 84,000 Websites Vulnerable To Attack

Leave a Comment / Vulnerabilities /

Three WordPress plugins have been discovered to be affected with a security shortcoming which gives a malicious actor the opportunity to take over vulnerable websites. An attacker could update arbitrary site options on a vulnerable site, provided they could trick a site administrator into clicking a link or doing a thing. Tracked as CVE-2022-0215, the […]

Researchers Discover 3 WordPress Plugins Leaving 84,000 Websites Vulnerable To Attack Read More »

Garrett Walk-Through Metal Detector Vulnerability Discovered

Leave a Comment / Uncategorized, Vulnerabilities /

Security flaws have been uncovered in a networking component in Garrett Metal Detectors which could allow remote attackers bypass authentication requirements, tamper with metal detector configurations and even execute arbitrary code on the devices. Cisco Talos noted in a disclosure publicized that “An attacker could manipulate this module to remotely monitor statistics on the metal

Garrett Walk-Through Metal Detector Vulnerability Discovered Read More »

Microsoft Releases Windows Update to Patch Zero Day Used to Spread Emotet Malware

Leave a Comment / Vulnerabilities /

Multiple security vulnerabilities have been addressed in the recent Microsoft Patch Tuesday updates. This updates deals with but not limited to actively exploited flaw that is being abused to deliver Emotet, TrickBot or Bazaloader malware payloads. This release fixes a total of 67 flaws bringing the total number of bugs patched by the company this

Microsoft Releases Windows Update to Patch Zero Day Used to Spread Emotet Malware Read More »

Microsoft Windows OS Gets Affected by Unpatched Unauthorized File Read Vulnerability

Leave a Comment / Uncategorized, Vulnerabilities /

The Windows Security Vulnerability (CVE-2021-24084) which allows disclosure and Local Privilege Escalation (LPE) on vulnerable systems has received a follow up patch after the last patch failed to solve the problem. But as observed by Naceri in June 2021, not only could the patch be bypassed to achieve the same objective, the researcher this month

Microsoft Windows OS Gets Affected by Unpatched Unauthorized File Read Vulnerability Read More »

Hackers Making Attempt At Exploiting New Windows Installer Zero-Day Vulnerability

Leave a Comment / Vulnerabilities /

Hackers are putting in efforts to exploit a recently disclosed privilege escalation vulnerability in order to execute arbitrary codes on fully-patched systems. Tracked as CVE-2021-42379 the elevation of privilege flaw affects Windows Installer software component and was originally resolved as part of Microsoft’s Patch Tuesday updates for November 2021. Researchers have indicated that it was

Hackers Making Attempt At Exploiting New Windows Installer Zero-Day Vulnerability Read More »

FBI Releases Alert on Currently Exploited FatPipe VPN Zero-Day Bug

Leave a Comment / Vulnerabilities /

The FBI has disclosed that a yet to be identified threat actor has been exploiting a previously known weakness in the FatPipe MPVPN networking devices at least since May 2021 using it to obtain initial foothold as well as maintain persistent access into the vulnerable networks. This allowed APT actors to gain unrestricted file upload

FBI Releases Alert on Currently Exploited FatPipe VPN Zero-Day Bug Read More »

Cybersecurity Agencies Release Warnings on Exploitation of Microsoft, Fortinet Flaws by Iranian Hackers

Leave a Comment / Vulnerabilities /

A joint advisory warning of active exploitation of Fortinet and Microsoft Exchange Proxyshell has been released by cybersecurity agencies from Australia, U.S and the U.K. Iranian state-sponsored actors are believed to be behind this attacks and are leveraging multiple Fortinets FortiOS vulnerabilities dating back to March 2021 as well as a a remote code execution

Cybersecurity Agencies Release Warnings on Exploitation of Microsoft, Fortinet Flaws by Iranian Hackers Read More »

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN

Leave a Comment / Vulnerabilities /

A Zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN capable of being abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices using root privileges Tracked as CVE-2021-3064 (CVSS score:9.8), the security weakness impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.1.17. This flaw was discovered and reported by Masachusetts-based

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN Read More »

Google Releases Patches for a New Android 0-Day Vulnerability

Leave a Comment / Vulnerabilities /

Monthly security patches have been released by Google for Android, fixing 39 flaws inclusive of a zero-day vulnerability which is actively being exploited in the wild in limited targeted attacks. The zero-day bug tracked as CVE-2021-1048 is described as a use-after-free vulnerability in the kernel which could be exploited for local privilege escalation. Use-after-free could

Google Releases Patches for a New Android 0-Day Vulnerability Read More »

Google Releases Emergency Update Patching Exploited Bugs

Leave a Comment / Vulnerabilities /

An emergency update for Chrome web browser fixing two zero-day vulnerabilities has been released. The vulnerability is tracked as CVE-2021-38000 and CVE-2021-38003 and relates to insufficient validaton of untrusted input in a feature called Intents and inappropriate implentation in V8 JavaScript and WebAssembly engine. This flaw was discovered and reported by Threat Analysis Group (TAG)

Google Releases Emergency Update Patching Exploited Bugs Read More »