F5, Inc warned the users about the critical vulnerability that harms the iControl REST users. That solution is a framework offered by the F5 Corporation as an advanced tool for software developers. The detected flaw is noted as critical, since it makes the device takeover possible for non-authorised users. F5 warns its customers of a… Continue reading F5 warns of critical BIG-IP RCE vulnerability
Tag: 0-Day
Zero-Day Vulnerability: Understanding the Real Threats
Zero-day vulnerability are the real mess of a modern cybersecurity world. You may have a perfect protection system established in your network, and your employees may be warned and ready to react properly if something goes wrong, but that still is not enough to say that a zero-day threat is avoided. So is there a… Continue reading Zero-Day Vulnerability: Understanding the Real Threats
Lapsus$ hack group stole the source codes of Microsoft products
The Lapsus$ hack group has released the source codes for Bing, Cortana, and other Microsoft products allegedly stolen from an internal Microsoft Azure DevOps server. Over the weekend, a screenshot appeared on the Lapsus$ Telegram channel demonstrating that hackers attacked the Microsoft Azure DevOps server and got to the sources of Bing, Cortana and various… Continue reading Lapsus$ hack group stole the source codes of Microsoft products
Chinese hackers use Zimbra 0-day vulnerability to hack European media and authorities
Security firm Volexity has warned that a previously unknown Chinese hack group is exploiting a 0-day vulnerability in Zimbra’s collaborative software. According to official statistics, more than 200,000 enterprises in 140 countries around the world use Zimbra, including more than 1,000 government and financial institutions. The researchers write that using the 0-day vulnerability, attackers gain… Continue reading Chinese hackers use Zimbra 0-day vulnerability to hack European media and authorities
Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware
The latest of this year, December’s patch Tuesday brought fixes for six 0-day vulnerabilities in Microsoft products, including a bug in the Windows AppX Installer that uses Emotet malware to spread. Microsoft patched 67 vulnerabilities in its products this month, seven of which are classified as critical and 60 are classified as important. Separately, Microsoft… Continue reading Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware
0-day In Log4j Library Poses A Threat To Many Applications & Servers
The Apache Software Foundation has released an emergency security update that fixes a 0-day vulnerability (CVE-2021-44228) in the popular Log4j logging library, which is part of the Apache Logging Project. The patch was released as part of the 2.15.0 release. The vulnerability was named Log4Shell and scored 10 out of 10 points on the CVSS… Continue reading 0-day In Log4j Library Poses A Threat To Many Applications & Servers
Unofficial fixes released for 0-day issue in Windows Mobile Device Management Service
Unofficial fixes released for 0-day issue in Windows Mobile Device Management Service Access to Work or School. The problem is present on devices running Windows 10, version 1809 (and later). The bug is related to a bypass of the information disclosure patch (CVE-2021-24084) released by Microsoft engineers in February this year. This month, cybersecurity researcher… Continue reading Unofficial fixes released for 0-day issue in Windows Mobile Device Management Service
Microsoft releases patches for 44 vulnerabilities, including three 0-days
As part of Patch Tuesday this week, Microsoft released patches for 44 vulnerabilities (51 including bugs in Microsoft Edge), seven of which were classified as critical, three were 0-day, and one was already under attack. Patches released this month: .NET Core and Visual Studio, ASP.NET Core and Visual Studio, Azure, Windows Update, Windows Print Spooler… Continue reading Microsoft releases patches for 44 vulnerabilities, including three 0-days
Microsoft patches 117 vulnerabilities, including 9 zero-day vulnerabilities
As part of July Patch Tuesday, Microsoft fixed (released patches) for 117 vulnerabilities, of which 13 were classified as critical. That is, the July set of patches is twice as large as the May and June “Patch Tuesday” combined. This time, bugs were fixed in products such as Microsoft Office, SharePoint, Excel, Microsoft Exchange Server,… Continue reading Microsoft patches 117 vulnerabilities, including 9 zero-day vulnerabilities
Chrome again frantically fixes 0-day vulnerabilities
Google has released a new version of Chrome for Windows, Mac and Linux, in which developers are patching two recently discovered 0-day vulnerabilities. According to the company, exploits are already available for these bugs. Problems received identifiers CVE-2021-21206 and CVE-2021-21220. The CVE-2021-21206 vulnerability was discovered in the V8 JavaScript engine and is related to the… Continue reading Chrome again frantically fixes 0-day vulnerabilities