Pierluigi Paganini
March 09, 2021
Apple released out-of-band patches to address a remote code execution, tracked as CVE-2021-1844, that affect iOS, macOS, watchOS, and Safari web browser. Apple has released out-of-band security patches to address a critical iOS, macOS, watchOS, and Safari web browser to address a security flaw tracked as CVE-2021-1844. The vulnerability was discovered by Clément Lecigne of […]
Pierluigi Paganini
March 08, 2021
Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage (NAS) devices. Threat actors are exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & CVE-2020-2507, in the Helpdesk app that have been fixed by the […]
Pierluigi Paganini
March 06, 2021
Cisco announced that a vulnerability in the Snort detection engine exposes several of its products to denial-of-service (DoS) attacks. Cisco announced this week that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability in the Snort detection engine. The vulnerability resides in the Ethernet Frame Decoder of the Snort detection […]
Pierluigi Paganini
March 06, 2021
After the disclosure of Microsoft Exchange zero-days, MS Exchange Server team has released a script to determine if an install is vulnerable. This week Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. In response to the […]
Pierluigi Paganini
March 05, 2021
Experts found five vulnerabilities in the Linux kernel, tracked as CVE-2021-26708, that could lead to local privilege escalation. Positive Technologies researcher Alexander Popov found five high severity vulnerabilities in the Linux kernel that could lead to local privilege escalation. The Linux kernel vulnerabilities are race conditions that reside in AF_VSOCK implementation, they were implicitly introduced in November […]
Pierluigi Paganini
March 04, 2021
VMware released a security patch for a remote code execution vulnerability that affects the VMware View Planner product. VMware released a security patch for a remote code execution flaw, tracked as CVE-2021-21978, that affects the VMware View Planner. The View Planner is a free tool for Performance Sizing and Benchmarking of Virtual Desktop Infrastructure environments. […]
Pierluigi Paganini
March 04, 2021
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive related to recently fixed Microsoft Exchange zero-days. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued the Emergency Directive 21-02 in response to the disclosure of zero-day vulnerabilities in Microsoft Exchange. This week Microsoft has released emergency out-of-band security updates that address four […]
Pierluigi Paganini
March 04, 2021
Now maintainers at the GRUB project have released security updates to address more than 100 vulnerabilities. GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB Legacy”. The mechanism is designed to protect the boot process from attacks. In July 2020, researchers at the cybersecurity firmware Eclypsium disclosed a buffer […]
Pierluigi Paganini
March 01, 2021
Top executives of the software firm SolarWinds blamed an intern for having used a weak password for several years, exposing the company to hack. Top executives of the SolarWinds firm believe that the root cause of the recently disclosed supply chain attack is an intern that has used a weak password for several years. Initial […]
Pierluigi Paganini
March 01, 2021
The National Security Agency (NSA) published a document to explain the advantages of implementing a zero-trust model. The National Security Agency (NSA) recently published a document to explain the benefits of adopting a zero-trust model, and advice to navigate the process. Modern infrastructure are complex environments that combine multiple technologies and that are exposed to […]
