Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft has fixed 97 vulnerabilities, nine classified as Critical and 88 as Important, among them 6 zero-days. The following types of security vulnerabilities were reported in multiple Microsoft products: 41 Elevation of Privilege …
WordPress fixes multiple security vulnerabilities
THREAT LEVEL: Amber. The WordPress development team has released a security update to patch the following four vulnerabilities, three of which have high severity. CVE-2022-21661: A vulnerability exists in the WP_Query class which is caused by …
A vulnerability similar to Log4Shell discovered in H2 database console
THREAT LEVEL: Red. An unauthenticated remote code execution vulnerability similar to Log4Shell has been discovered in the H2 Database (a popular Java SQL database) console and has been assigned CVE-2021-42392. It is claimed to be similar to the Log4Shell …
High severity vulnerability in VMware Workstation, Fusion, and ESXi
THREAT LEVEL: Amber. A heap buffer overflow vulnerability has been discovered in multiple VMware products. This bug is tracked as CVE-2021-22045 and, if exploited, would result in the execution of arbitrary code by the attacker. Heap overflows …
New rootkit iLOBleed targets HP servers
THREAT LEVEL: Red. The rootkit known as iLOBleed has been active since 2020 and targets Hewlett-Packard (HP) Enterprise’s Integrated Lights-Out (iLO) server management technology to delete data from infected machines and corrupt firmware. The malware family …
Rook: New Ransomware in the market scavenges code from Babuk
THREAT LEVEL: Red. Security researchers found new ransomware dubbed Rook that reuses code from Babuk, which was released earlier. It was initially seen on VirusTotal on November 26th and pwned its first victim, a Kazakh financial …