December 14, 2022
Fortinet recently disclosed a critical buffer overflow vulnerability in FortiOS SSL-VPN, which is deployed on a wide range of Fortinet products. The flaw is tracked as CVE-2022-42475 and carries a CVSS score of 9.3 out of 10. Successful exploitation results in remote code execution or remote command execution. The attacker can then take over the device to install programs; view, change or delete data; or create new accounts with full user rights.
December 13, 2022
Microsoft disclosed a vulnerability in its legacy JScript9 library that attackers have exploited through phishing attachments involving Microsoft Word, Internet Explorer (IE), which is deprecated but still in use, and Rich Text Format (RTF) files. Tracked as CVE-2022-41128, this vulnerability is being weaponized by cyber criminals in phishing emails to trick unsuspecting users and evade detection.
November 21, 2022
A vulnerability has been found in the string interpolator module of the Apache Commons Text Java library. Exploiting this vulnerability (CVE-2022-42889) can allow a cyber criminal to take over the affected system or manipulate data strings to force data leakage. Its severity rating is critical.
November 07, 2022
The OpenSSL project recently disclosed a critical vulnerability in the OpenSSL library for version 3.0.0 and above, specifically a bug in X.509 certificate handling. OpenSSL is an encryption library widely used on-premises, in SaaS applications, on datacenter servers, on critical endpoints, and in IoT infrastructure, and it is found in both commercial and government organizations. Called CVE-2022-3062, this 4-byte buffer overflow vulnerability can be exploited by attackers to crash the device, causing a Denial of Service (DoS), or to achieve Remote Code Execution (RCE).
June 01, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on addressing the zero-day remote code execution (RCE) vulnerability CVE-2022-30190, known as "Follina", which affects the Microsoft Support Diagnostic Tool (MSDT) in Windows.
December 12, 2021
On Dec. 9, 2021, a remote code execution (RCE) vulnerability, CVE-2021-44228, in Apache Log4j 2 was identified, and attackers are already actively exploiting it. On Dec. 14, 2021, a second vulnerability, CVE-2021-45046, was announced and fixed in Log4j 2 v2.16.0.
August 15, 2021
A new version of the LockBit 2.0 ransomware has been identified that automates the encryption of a Windows domain using Active Directory group policies. LockBit threat actors are actively exploiting an existing vulnerability in the Fortinet FortiOS and FortiProxy products, identified as CVE-2018-13379, to gain initial access to victim networks.
July 26, 2021
This advisory is intended for organizations that self-host the EventTracker Console. Attackers have been very active recently targeting on-premises hosted software. Accordingly, organizations that host Netsurion’s EventTracker on their own premises are urged to review the EventTracker Hardening Guide and implement these recommendations to reduce their attack surface.
July 22, 2021
On July 20, 2021, Microsoft issued an alert about a Windows Elevation of Privilege vulnerability (CVE-2021-36934) that gives non-privileged users access to system files on affected versions.
July 13, 2021
Kaseya issued a notification about a potential attack against its VSA product that has been limited to a small number of on-premises customers.
June 02, 2021
Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation.
March 05, 2021
Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments.
December 17, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on active exploitation of SolarWinds Orion Platform software versions 2019.4 HF 5 through 2020.2.1 HF 1, released between March 2020 and June 2020. Read our official statement on the active SolarWinds exploit.
March 27, 2020
Microsoft has released an out-of-band security advisory to address two critical remote code execution vulnerabilities in the Adobe Type Manager Library. Microsoft is also aware of limited, targeted attacks that attempt to leverage these vulnerabilities.