January 2021 - Securezoo

Sudo privilege escalation vulnerability (CVE-2021-3156)

Authentication, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / January 29, 2021 April 7, 2022

A vulnerability in open-source sudo utility could allow regular users to gain root privileges on vulnerable Linux hosts without authentication.

CISA releases new malware analysis on Supernova

Cybersecurity Attacks, Malware / By Frank Crast / January 28, 2021 January 28, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has released new malware analysis on Supernova that affects unpatched SolarWinds Orion software.

Mozilla releases Firefox 85, fixes for 5 High risk vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / January 28, 2021 January 28, 2021

The Mozilla Foundation has released Firefox 85 that includes security fixes for five High risk vulnerabilities and new protections from supercookies.

Apple releases iOS 14.4 with fixes for 3 zero-days exploited in wild (and other security updates)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / January 27, 2021 February 4, 2021

Apple has released security updates to fix vulnerabilities in iOS 14.4, watchOS 7.3, Xcode 12.4, iCloud for Windows 12.0 and tvOS 14.4. As part of the updates, the tech giant also addressed three zero-day iOS vulnerabilities exploited in the wild.

North Korean hackers target security researchers in new campaign

Cybersecurity Attacks, Phishing, Vulnerabilities & Exploits / By Frank Crast / January 26, 2021 January 26, 2021

Google’s Threat Analysis Group (TAG) has discovered a new ongoing campaign targeting security researchers working on vulnerability research.

SQL Server malware “MrbMiner” attacks

Cloud Security, Cybersecurity Attacks, Malware, Network Security / By Frank Crast / January 25, 2021 February 1, 2021

Security researchers have identified the source of a SQL Server malware “MrbMiner” attacks allegedly tied to an Iranian software firm.

Cisco patches 8 Critical SD-WAN vulnerabilities and flaws in other network products

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / January 23, 2021 January 23, 2021

Cisco has patched eight Critical vulnerabilities in SD-WAN products, as well as fixes for multiple other network products.

Drupal patches Critical third-party library vulnerability (CVE-2020-36193)

Application Security, Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / By Frank Crast / January 23, 2021 December 26, 2021

Drupal has patched a Critical third-party library vulnerability (CVE-2020-36193) that affects multiple versions of Drupal Core.

Oracle Critical Patch Update for January 2021

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / January 22, 2021 January 23, 2021

Oracle has released its Critical Patch Update for January 2021 to include 329 vulnerability fixes across multiple products.

FireEye publishes Microsoft 365 tools and hardening strategies to defend against SolarWinds attackers

Cloud Security, Cybersecurity Attacks, Security Monitoring / By Frank Crast / January 21, 2021 January 21, 2021

Security firm FireEye has published new Microsoft 365 tools and hardening strategies to defend against SolarWinds attackers, also known as UNC2452.

Month: January 2021