Multiple vulnerabilities have been discovered in the Apache HTTP Server
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. There is a zero-day vulnerability (CVE-2021-41773) and a DoS vulnerability (CVE-2021-41524) in Apache HTTP servers. After a publicly disclosed exploit, the zero-day vulnerability has been actively exploited in the wild. The Hive Pro Threat …
Another day, another zero-day for Google Chrome
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Google has published an emergency fix (94.0.4606.71) to address the latest zero-day vulnerabilities (CVE-2021-37975, CVE-2021-37976). These are the fourth and fifth zero days of the month. These flaws have been …
Chrome’s eleventh zero-day vulnerability for the year 2021 has been patched
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A vulnerability in Chrome and Microsoft Edge (Chromium-based) exists as a result of a use-after-free issue when processing HTML data in Google Chrome’s Portals component. A remote attacker can create a specially designed site, …
Are you a victim of the Conti Ransomware?
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Conti Ransomware targets enterprises that have not patched their systems by exploiting old vulnerabilities. Conti Ransomware steals sensitive information from businesses and demands a ransom in exchange. CISA has issued a warning about the …
ManageEngine ADSelfService Plus has been abused in the wild due to a zero-day vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An APT actor is attempting to exploit a zero-day vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution that poses a high risk to critical infrastructure companies, US-cleared defense contractors, …
Threat actors are actively exploiting OMIGOD vulnerabilities impacting Microsoft Azure
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Azure VMs using Linux management solutions with Azure Automation, Azure Automatic Update, Azure Operations Management Suite (OMS), Azure Log Analytics, Azure Configuration Management, or Azure Diagnostics are affected by OMIGOD. Attackers can remotely exploit …
Google patches Chrome zero-day vulnerabilities being exploited in the wild
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Google just released a major security update for Google Chrome that addresses eleven vulnerabilities, including two zero-day flaws that have been exploited in the wild. A remote attacker might make use of the flaws …
Apple fixes the zero-day vulnerabilities exploited by Pegasus spyware named “FORCEDENTRY”
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Two actively exploited vulnerabilities (CVE-2021-30858 and CVE-2021-30860) have been fixed in Apple’s iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 releases. The NSO group carried out the attack by …
ProxyShell and PetitPotam exploits weaponized by LockFile Ransomware Group
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. LockFile, a new ransomware gang, has been active since last week. LockFile began by using a publicly disclosed PetitPotam exploit (CVE-2021-36942) to compromise Windows Domain Controllers earlier this week. Using ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523 …