Microsoft’s Patch Tuesday Security Updates for November
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. For the month of November, Microsoft has reported a total of 55 vulnerabilities, 6(CVE-2021-38666, CVE-2021-26443, CVE-2021-42279, CVE-2021-42298, CVE-2021-42316, CVE-2021-3711) of which have been rated critical. Four (CVE-2021-43208, CVE-2021-43209) of these vulnerabilities have been publicly …
HelloKitty is launching a DDoS attack by exploiting known vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The FBI has issued a warning to private businesses about a new feature of the HelloKitty ransomware group (aka FiveHands). The Hello Kitty/FiveHands actor (UNC2447) employs the double extortion strategy to place undue pressure …
Adobe Illustrator 2021 has several critical Vulnerabilities
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Adobe Illustrator 2021 has an update that addresses several important vulnerabilities that might result in memory leaks, arbitrary code execution, and application denial of service. Vulnerability Details Patch Link https://helpx.adobe.com/security/products/illustrator/apsb21-98.html References https://www.marketscreener.com/quote/stock/FORTINET-INC-60103137/news/Fortinet-Security-Researcher-Discovers-Multiple-Vulnerabilities-in-Adobe-Illustrator-36835590/ …
For the third month in a row, it’s time to update Google Chrome
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple vulnerabilities have been discovered in the world’s most popular browser. Two of them have been used in the wild (CVE-2021-38000, CVE-2021-38003). Google has recently patched these vulnerabilities in Google Chrome version 95.0.4638.69 for …
BillQuick Web Suite’s severe vulnerability may affect 400K users
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple versions of BillQuick Web Suite have been found to have a critical vulnerability. Ahacker was able to get initial access to a US engineering company by exploiting this seriousvulnerability (CVE 2021 42258). It …
Microsoft patches a vulnerability that was used in MysterySnail RAT Campaign
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An APT espionage campaign leveraged a zero-day exploit for Microsoft Windows to escalate privileges and obtain access to Windows servers. The exploit chain culminated in the installation of a newly discovered remote access trojan …
Iranian APT is targeting Middle Eastern Aerospace and Telecommunications companies
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. ShellClient is a powerful new Remote Access Trojan (RAT) that was used in highly targeted attacks on a select few Aerospace and Telecommunications firms, primarily in the Middle East, with other victims in the …
Multiple vulnerabilities have been discovered in the Apache HTTP Server
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. There is a zero-day vulnerability (CVE-2021-41773) and a DoS vulnerability (CVE-2021-41524) in Apache HTTP servers. After a publicly disclosed exploit, the zero-day vulnerability has been actively exploited in the wild. The Hive Pro Threat …
Another day, another zero-day for Google Chrome
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Google has published an emergency fix (94.0.4606.71) to address the latest zero-day vulnerabilities (CVE 2021 37975, CVE 2021 37976). These are the fourth and fifth zero days of the month. These flaws have been …
Chrome’s eleventh zero-day vulnerability for the year 2021 has been patched
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A vulnerability in Chrome and Microsoft edge(Chromium based) exists as a result of a use-after-free issue when processing HTML data in Google Chrome’s Portals component. A remote attacker can create a specially designed site, …