Millions of routers are affected by a high severity flaw in the NetUSB module which is used by many vendors including NETGEAR, TP-Link, and Dlink. NetUSB is developed by Kcodes and is licensed to many device manufacturers. It enables remote network devices to connect to USB peripherals which are plugged into the router – typicallyRead more
Blog
The New Year gets off to a busy start for Microsoft with the first security patch updates resolving over 100 vulnerabilities including six zero-days and one critical flaw identified as wormable. A wormable vulnerability can be exploited with no human intervention allowing malware to move from one computer to another across your network. This flawRead more
Proof of Concept code has been published showing how to exploit two vulnerabilities that would allow an attacker to obtain domain admin privilege on your Windows Domain Controllers. In the November security patch bundle, Microsoft released patches to resolve two vulnerabilities ( CVE-2021-42287 and CVE-2021-42278 ) in the Windows Active Directory Domain Services. On December 12th a proofRead more
This week Microsoft released their last monthly security patch bundle for the year, fixing six zero-day vulnerabilities – and many other companies released security updates as well. Microsoft Updates for December This month Microsoft’s security bundle includes fixes for 67 vulnerabilities with six of them classified as zero-day – which means in Microsoft’s terms: thatRead more
When it comes to security vulnerabilities, they don’t get any worse than the one recently disclosed in the Log4j utility which was awarded the maximum CVSS severity of 10. This is not some theoretical risk, it is an open door to affected systems. The NCSC calls it: ‘potentially the most severe computer vulnerability in years.’Read more
This week there have been several exploits published that target recently published (and patched) vulnerabilities in Microsoft Exchange Server and Windows 10/11 systems. Coming just a week after Microsoft published patches for these vulnerabilities, already proof of concept code has been made available on GitHub and threat actors have started targeting the exploits hoping toRead more
Palo Alto Networks has released a critical patch for their firewalls with GlobalProtect Portal or Gateway interfaces. With a critical severity rating of 9.8, this memory corruption vulnerability could allow an attacker to execute remote code on the firewall with root privileges. According to the security advisory published by Palo Alto Networks: This issue isRead more
November’s security updates bring a bundle of important fixes for vulnerabilities in Windows and Android devices Microsoft Patch Tuesday Updates Microsoft’s security update this month fixes 55 security flaws with 6 of them called out as zero-day vulnerabilities. Microsoft classifies a zero-day as a vulnerability that is either under active attack in the wild orRead more
Microsoft has released patches for two security vulnerabilities in PowerShell which could allow a malicious script to circumvent the protection offered by Windows Defender Application Control. PowerShell is a cross-platform command-line shell used extensively in the administration of Windows and Azure servers. It is also popular with malicious users due to its power and flexibilityRead more
The October security patch updates include fixes for critical flaws and zero-day vulnerabilities from Microsoft, Apple and Apache. Microsoft October Updates October’s security patch bundle from Microsoft includes fixes for four zero-day vulnerabilities, at least one of which is actively being exploited in the wild. Overall Microsoft fixes 70 vulnerabilities include the first inclusion ofRead more
