Cerber targeting organizations with publicly available exploits
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Cerber, ransomware that mysteriously vanished in 2019, has reappeared with a new encryption. The new cerber includes fresh source code and makes use of the new library Crypto+++, whereas the previous form made use …
Grafana releases an emergency patch for a Zero-Day vulnerability
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A vulnerability in Chrome and Microsoft Edge (Chromium-based) exists as a result of a use-after-free Grafana, a database analyzing, and monitoring tool used by major companies has been affected by a high severe zero-day …
Several Zoho ManageEngine products have been exploited
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple vulnerabilities have been discovered in Zoho ManageEngine products. The affected products include Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine SupportCenter Plus, Zoho ManageEngine Desktop Central, Zoho ManageEngine AssetExplorer.CVE 2021 44077 is a vulnerability that …
Microsoft could not patch this vulnerability yet again
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. An improperly patched Windows vulnerability (CVE-2021-24084) can lead to local privilege escalation and information disclosure. The vulnerability was disclosed in October 2020 and even after Microsoft addressed this vulnerability in February 2021’s Patch Tuesday, …
VMware patches SSRF and arbitrary file read vulnerabilities in vCenter Server
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. VMware has released fixes to address two security flaws in vCenter Server and Cloud Foundation tracked as CVE-2021-21980 and CVE-2021-22049. The vulnerability CVE-2021-21980 (arbitrary file read) is of major concern as an attacker with …
Microsoft could not patch this vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft released patches for 44 vulnerabilities on November 9th. CVE-2021-41379 was among them. However, installing this patch does not completely eliminate the vulnerability. An exploit for a new Windows zero-day local privilege elevation vulnerability …
A zero-day vulnerability has been discovered in PAN’s GlobalProtect firewall
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Palo Alto Networks (PAN) released an update on November 10, 2021, that patched CVE-2021-3064, which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN, and it …