Microsoft could not patch this vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft released patches for 44 vulnerabilities on November 9th. CVE-2021-41379 was among them. However, installing this patch does not completely eliminate the vulnerability. An exploit for a new Windows zero-day local privilege elevation vulnerability …
A zero-day vulnerability has been discovered in PAN’s GlobalProtect firewall
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Palo Alto Networks (PAN) released an update on November 10, 2021, that patched CVE-2021-3064, which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN, and it …
Microsoft’s Patch Tuesday Security Updates for November
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. For the month of November, Microsoft has reported a total of 55 vulnerabilities, 6(CVE-2021-38666, CVE-2021-26443, CVE-2021-42279, CVE-2021-42298, CVE-2021-42316, CVE-2021-3711) of which have been rated critical. Four (CVE-2021-43208, CVE-2021-43209) of these vulnerabilities have been publicly …
HelloKitty is launching a DDoS attack by exploiting known vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The FBI has issued a warning to private businesses about a new feature of the HelloKitty ransomware group (aka FiveHands). The Hello Kitty/FiveHands actor (UNC2447) employs the double extortion strategy to place undue pressure …
Adobe Illustrator 2021 has several critical Vulnerabilities
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Adobe Illustrator 2021 has an update that addresses several important vulnerabilities that might result in memory leaks, arbitrary code execution, and application denial of service. Vulnerability Details Patch Link https://helpx.adobe.com/security/products/illustrator/apsb21-98.html References https://www.marketscreener.com/quote/stock/FORTINET-INC-60103137/news/Fortinet-Security-Researcher-Discovers-Multiple-Vulnerabilities-in-Adobe-Illustrator-36835590/ …
For the third month in a row, it’s time to update Google Chrome
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple vulnerabilities have been discovered in the world’s most popular browser. Two of them have been used in the wild (CVE-2021-38000, CVE-2021-38003). Google has recently patched these vulnerabilities in Google Chrome version 95.0.4638.69 for …
BillQuick Web Suite’s severe vulnerability may affect 400K users
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple versions of BillQuick Web Suite have been found to have a critical vulnerability. Ahacker was able to get initial access to a US engineering company by exploiting this seriousvulnerability (CVE 2021 42258). It …
Microsoft patches a vulnerability that was used in MysterySnail RAT Campaign
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An APT espionage campaign leveraged a zero-day exploit for Microsoft Windows to escalate privileges and obtain access to Windows servers. The exploit chain culminated in the installation of a newly discovered remote access trojan …
Iranian APT is targeting Middle Eastern Aerospace and Telecommunications companies
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. ShellClient is a powerful new Remote Access Trojan (RAT) that was used in highly targeted attacks on a select few Aerospace and Telecommunications firms, primarily in the Middle East, with other victims in the …