+84949482065
The FBI has issued a Flash Alert warning of an actively exploited 0-day in FatPipe WARP, MPVPN, and IPVPN Software. An unknown threat actor has been exploiting the flaw in…
An audit of government IT operations in Palo Alto, Calif., found a lack of risk management and incident response policies, issues that local leaders voted to remedy. Other challenges found…
Mozilla has released security updates to address a vulnerability in Network Security Services (NSS). An attacker could exploit this vulnerability to take control of an affected system. Ref https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all ServiceDesk Plus versions up to, and including, version 11305. More https://us-cert.cisa.gov/ncas/alerts/aa21-336a
We already have 18,124 CVEs as of December 1, 2021. More detail https://www.cvedetails.com/browse-by-date.php
In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. Ref https://github.com/wazuh/wazuh/issues/10858
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. Read here https://www.ibm.com/support/pages/node/6517470
This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the…
BeyondTrust Privilege Management for Windows contains a local privilege escalation vulnerability prior to version 21.6. More https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md
Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure. Read more in my article on the Tripwire blog https://www.tripwire.com/state-of-security/security-data-protection/sophisticated-tardigrade-malware-launches-attacks-on-vaccine-manufacturing-infrastructure/
