VMware patches critical vRealize Operations flaws that could lead to RCE
Two vulnerabilities (CVE-2021-21975, CVE-2021-21983) recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote …
security update
Automatically mitigate ProxyLogon, detect IoCs associated with SolarWinds attackers’ activities
Microsoft has updated its Defender Antivirus to mitigate the ProxyLogon flaw on vulnerable Exchange Servers automatically, while the Cybersecurity and Infrastructure Security …
As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak
Microsoft Exchange servers around the world are still getting compromised via the ProxyLogon (CVE-2021-26855) and three other vulnerabilities patched by Microsoft in early …
March 2021 Patch Tuesday: Microsoft fixes yet another actively exploited IE zero-day
As system administrators and security teams around the world are working on ascertaining whether they’ve been breached and compromised via vulnerable Microsoft Exchange …
Exchange Servers targeted via zero-day exploits, have yours been hit?
Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by …
Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!
The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly …
February 2021 Patch Tuesday: Microsoft and Adobe fix exploited zero-days
On this February 2021 Patch Tuesday: Adobe has fixed a Reader flaw used in limited attacks, as well as delivered security updates for a variety of products, including Acrobat …
Apple fixes three actively exploited iOS zero-days
Apple has release a new batch of security updates and has fixed three iOS zero-days that “may have been actively exploited” by attackers. The three zero-days Two …
Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156)
A vulnerability (CVE-2021-3156) in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged …
Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning
Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache …
January 2021 Patch Tuesday: Microsoft plugs Defender zero-day RCE
On this January 2021 Patch Tuesday: Microsoft has plugged 83 CVEs, including a Microsoft Defender zero-day Adobe has delivered security updates for a variety of products SAP …
Cisco re-patches wormable Jabber RCE flaw
In September 2020, Cisco patched four Jabber vulnerabilities (including one wormable RCE flaw), but as it turns out, three of four have not been sufficiently mitigated. The …