EwDoor Botnet attacking AT&T network edge devices

Post published:December 1, 2021
Post category:Cybersecurity Attacks Network Security Vulnerabilities & Exploits

An attacker has been targeting unpatched AT&T network edge devices via a brand new botnet dubbed EwDoor.

Windows Mobile Device Management 0-day vulnerability could lead to local privilege escalation

Post published:November 30, 2021
Post category:Security Updates & Patches Vulnerabilities & Exploits Zero-days

A security researcher has discovered a zero-day vulnerability CVE-2021-24084 in Windows Mobile Device Management that could allow information disclosure and local privilege escalation (LPE).

VMware patches 2 vSphere Web Client vulnerabilities (CVE-2021-21980, CVE-2021-22049)

Post published:November 27, 2021
Post category:Security Updates & Patches Vulnerabilities & Exploits

VMware has patched arbitrary file read and SSRF vCenter Server vulnerabilities (CVE-2021-21980, CVE-2021-22049) that affect VMware vSphere Web Client.

Attackers exploit Windows Installer zero-day vulnerability (CVE-2021-41379)

Post published:November 24, 2021
Post category:Malware Security Updates & Patches Vulnerabilities & Exploits

Bad actors have been exploiting a previously patched Windows Installer zero-day privileged escalation vulnerability CVE-2021-41379.

FBI alert: APT actors exploit 0-Day FatPipe VPN vulnerabilities

Post published:November 21, 2021
Post category:Network Security Security Updates & Patches Vulnerabilities & Exploits Zero-days

The Federal Bureau of Investigation (FBI) has issued a report of advanced persistent threat (APT) actors exploiting 0-day FatPipe MPVPN networking devices since at least May of 2021.

GitHub fixes 2 npm registry vulnerabilities

Post published:November 20, 2021
Post category:Application Security Security Updates & Patches Vulnerabilities & Exploits

GitHub has fixed two node package manager (npm) registry vulnerabilities, one of those could allow an attacker to publish new versions of an npm package without proper authorization.

Iranian state-sponsored APT actors target Microsoft Exchange and Fortinet vulnerabilities

Post published:November 18, 2021
Post category:Cybersecurity Attacks Security Updates & Patches Vulnerabilities & Exploits

Iranian state-sponsored advanced persistent threat (APT) actors have been targeting and exploiting Microsoft Exchange and Fortinet vulnerabilities.

Google releases Chrome 96 security update (96.0.4664.45) with fixes for 25 vulnerabilities

Post published:November 17, 2021
Post category:Security Updates & Patches Vulnerabilities & Exploits

Google has released Chrome 96 security update (96.0.4664.45) for Windows, Mac and Linux with fixes for multiple High risk vulnerabilities.

Palo Alto Networks fixes Critical PAN-OS vulnerability (CVE-2021-3064)

Post published:November 13, 2021
Post category:Network Security Security Updates & Patches Vulnerabilities & Exploits

Palo Alto Networks has fixed a Critical PAN-OS vulnerability (CVE-2021-3064) in GlobalProtect Portal and Gateway Interfaces.

VMware patches Tanzu Application Service for VMs vulnerability (CVE-2021-22101)

Post published:November 13, 2021
Post category:Security Updates & Patches Vulnerabilities & Exploits

VMware has issued a security fix for a VMware Tanzu Application Service for VMs vulnerability CVE-2021-22101.