Microsoft addresses multiple RCE vulnerabilities in their June 2022 Patch Tuesday
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Microsoft June 2022 Patch Tuesday addressed 55 security flaws. One of them is the Follina which has been addressed in another detailed advisory. Three of them have been rated critical(as per Microsoft) …
Security updates for Adobe Bridge June 2022
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Adobe has released security updates in Adobe Bridge that address critical vulnerabilities at priority 3 (as per Adobe). These vulnerabilities could lead to arbitrary code execution, arbitrary file system, or memory leak. …
Follina: A zero-day vulnerability in Microsoft Office
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Microsoft has issued a patch after almost 15 days for a zero-day vulnerability identified as CVE-2022-30190 after various proof-of-concept (POCs) indicating that it is actively exploited became public. Security researchers have also …
Drupal addresses a Guzzle third-party vulnerability
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Drupal core project addresses security flaws in a third-party Guzzle library to handle HTTP requests and responses to external services. These may not directly affect Drupal core; however, it can have …
Stable Channel Update in Chrome for Windows, Mac and Linux
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary A list of security fixes has been addressed in the latest version for Windows, Mac and Linux. There are seven security fixes of which four are high severity vulnerabilities (as per Chrome). …
Weekly Digest 30 May – 5 June 2022
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 412 24 1 45 3 13 For a detailed threat digest, download the pdf file here Summary The first week of June 2022 witnessed the discovery of 412 vulnerabilities out of which 24 …
Network Providers and Devices targeted by Chinese state-sponsored actors
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have released a joint advisory to make organizations in the telecommunications industry aware …
A zero-day vulnerability in Atlassian Confluence
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations about a new vulnerability in Atlassian’s Confluence Server and Data Center. This vulnerability is actively exploited in the wild. …
Gitlab addresses critical security vulnerabilities with newer versions
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The new versions of Gitlab address one critical and two high-security flaws (as per Gitlab). Some of these vulnerabilities could be exploited by an attacker to perform a Stored Cross-Site Scripting(XSS) attack. …
Enemybot malware expands its arsenal by exploiting well-known vulnerabilities
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary EnemyBot, a Mirai-based botnet, is expanding its arsenal by exploiting well-known vulnerabilities in log4j, VMware workspace, Spring Framework, and others. Keksec, also known as Nero and Freakout, is the threat actor behind …