A critical vulnerability in vCenter Server could allow an unauthenticated attacker to execute arbitrary code on the server that hosts vCenter and so take over the system. vCenter Server is used by IT Admins to manage VMware installations and the virtual machines that run in the VMware environment. The vulnerability (CVE-2021-21972) in a plug-in usedRead more
Blog
In the February 2021 Patch Tuesday security update Microsoft fixed 56 flaws, one zero-day vulnerability and two remote code execution vulnerabilities in the Windows Fax Service. That’s right, someone can send you a fax and take over your Windows system. While you might be tempted to think: ‘who sends faxes these days?’ that is theRead more
The NAT Slipstreaming2.0 attack exploits the standard support for VOIP routing in NAT routers/firewalls to expose all devices on the internal network to attack from the internet. A new variant of the NAT Slipstreaming attack has been published which extends the attack to abuse the H.323 protocol used by VOIP devices to manage call forwarding. Read more
This week both SonicWall and Cisco have released patches for critical vulnerabilities in their networking products. SonicWall zero day The SonicWall vulnerability (CVE-2021-20016) is a zero-day under active attack – in fact it was used to breach SonicWall’s own network in January according to their security advisory. The flaw affects SonicWall SMA 100 series devicesRead more
A serious bug in the Linux SUDO utility has been discovered that allows any user to gain root privilege on a Linux system. The flaw was discovered by security firm Qualys and they describe it in their blog post as a heap overflow vulnerability that means: any unprivileged user can gain root privileges on aRead more
According to a new report, 68% of organisations that suffered a network breach are the victim of a repeat attack within a year. Cyber-criminals assume that organisation will not learn a lesson from the first attack and return in the hope of easy pickings the second time around. The report from cybersecurity response firm CrowdstrikeRead more
Oracle patched a vulnerability in their WebLogic server in October 2020 – eight days later working exploit code was published online and now it is being used by criminals. CVE-2020-14882 allows an attacker to perform a Remote Code Execution attack with minimal effort or skill required. Juniper Networks security researchers reports at least five differentRead more
VMWare has issued a security advisory warning of a command injection vulnerability that could allow someone with access to the VMWare Configurator admin account to issue command with unrestricted privileges on the underlying operating system. The vulnerability (CVE-2020-4006) affects VMWare Workspace One Access, Access Connector, Identity Manage and Identify Manager Connector administrative configurator. A maliciousRead more
The UK National Cyber Security Centre has issued an alert warning that multiple actors are attempting to exploit a MobileIron vulnerability to compromise the networks of UK organisations. MobileIron issued a security patch in June 2020 for their Mobile Device Management system to resolve several vulnerabilities in their software. Included was a critical remote codeRead more
The November security patch bundle from Microsoft fixes 112 security vulnerabilities in their products, including 12 Remote Code Execution vulnerabilities. Noteworthy vulnerabilities fixed this month include: Windows Kernel Local Elevation of Privilege: CVE-2020-17087 Observed under active attack in the wild by Google, CVE-2020-17087 is an elevation of privilege vulnerability that was being used inRead more
