The Second Exploit in Ivanti EPMM in a Week

Ivanti had a second bug on their product despite fixing a zero-day vulnerability.

Ivanti has once again encountered an error that affects and corrects its Endpoint Manager software. This is despite the fact that Ivanti had eliminated a zero-day vulnerability that targeted the same product a few days before. Analysts found new vulnerability in Ivanti EPMM Currently, two vulnerabilities are being actively exploited by malicious cyber actors. It… Continue reading The Second Exploit in Ivanti EPMM in a Week

Microsoft CVE-2023-36884 Vulnerability Exploited in the Wild

Microsoft found a remote code execution vulnerability CVE-2023-36884

On July 11, 2023, Microsoft published an article about addressing the CVE-2023-36884 vulnerability. This breach allowed for remote code execution in Office and Windows HTML. Microsoft has acknowledged a targeted attack that exploits a vulnerability using specifically designed Microsoft Office documents. The attacker can gain control of a victim’s computer by creating a malicious Office… Continue reading Microsoft CVE-2023-36884 Vulnerability Exploited in the Wild

GitLab Releases Patch to Critical Vulnerability

If you are using GitLab 16.0, you're exposed to an extremely severe vulnerability.

GitLab, one of the most famous code repositories in the world, faces critical security issues in the latest update. Aside from advanced functionality, the 16.0 patch brought an extremely severe vulnerability. Experts already gave it CVSS 10.0 mark – the highest possible. What is GitLab? GitLab is an open-source repository and collaborative software development platform.… Continue reading GitLab Releases Patch to Critical Vulnerability

Critical Vulnerability in UNISOC Devices Patched

UNISOC-chip Android Phones are Vulnerable to Remote Modem-Targeting Attacks In May 2022, the UNISOC company was informed by Check Point Research specialists about a critical vulnerability present in UNISOC chipset devices. The flaw was confirmed by the manufacturer and patched. The vulnerability revelation happened after reverse-engineering of UNISOC LTE protocols (long-term evolution, wireless connection standard… Continue reading Critical Vulnerability in UNISOC Devices Patched

Vulnerability in HP BIOS causes system takeover

UEFI, BIOS, Vulnerabilities, vulnerability, CVE-2021-3808, CVE-2021-3809

Following recent fixes for a large number of UEFI vulnerabilities, worldwide-known PC and laptop vendor HP is releasing a new BIOS update. This time around, two serious vulnerabilities affecting a wide range of over 200 PC and laptop models that allow code to run with kernel privileges, including driver management and BIOS access, were the… Continue reading Vulnerability in HP BIOS causes system takeover

Dark Souls 3 found an RCE vulnerability that allows taking control of someone else’s PC

Over the weekend, the developers of the Dark Souls series of games reported that the PC servers of Dark Souls: Remastered, Dark Souls 2, Dark Souls 3 and Dark Souls: PtDE are temporarily disabled due to a dangerous RCE vulnerability that allows remotely taking control of someone else’s machine. One of the first to report… Continue reading Dark Souls 3 found an RCE vulnerability that allows taking control of someone else’s PC

Critical vulnerability in Office fixed, but macOS update is delayed

As part of the January Patch Tuesday, Microsoft engineers fixed a critical vulnerability in Office that could allow attackers to remotely run malicious code on vulnerable systems. The RCE vulnerability identified as CVE-2022-21840 can be exploited on target devices with even the lowest privileges and in simple attacks that require user interaction. Basically, the user… Continue reading Critical vulnerability in Office fixed, but macOS update is delayed

Another vulnerability found in Log4j, this time it is a denial of service

Log4Shell, recently discovered in the popular logging library Log4j, which is part of the Apache Logging Project, continues to get worse, as another vulnerability has been found. This time it is time a “denial of service” vulnerability. The problem was originally discovered while catching bugs on Minecraft servers, but the Log4j library is present in… Continue reading Another vulnerability found in Log4j, this time it is a denial of service

Log4j vulnerability threatens 35,000 Java packages

Google scanned Maven Central, the largest Java repository to date, and found that the Log4j vulnerability threatened 35,863 Java packages. The packages are vulnerable to either the original Log4Shell exploit (CVE-2021-44228) or the second RCE problem discovered after the patch was released (CVE-2021-45046). This vulnerability has gripped the information security ecosystem since its disclosure on… Continue reading Log4j vulnerability threatens 35,000 Java packages

Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware

The latest of this year, December’s patch Tuesday brought fixes for six 0-day vulnerabilities in Microsoft products, including a bug in the Windows AppX Installer that uses Emotet malware to spread. Microsoft patched 67 vulnerabilities in its products this month, seven of which are classified as critical and 60 are classified as important. Separately, Microsoft… Continue reading Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware