LINK Always interesting to see a vendor force updates.
Month: January 2022
PoC Released for Recent January 2022 Local Priv Escalation Patch – CVE-2022-21882
LINK More proof that you need to patch ASAP.
CISA Adds 8 New Known Exploited Vulnerabilities to Catalog
LINK

| CVE Number | CVE Title | Required Action Due Date |
| --- | --- | --- |
| CVE-2022-22587 | Apple IOMobileFrameBuffer Memory Corruption Vulnerability | 2/11/2022 |
| CVE-2021-20038 | SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | 2/11/2022 |
| CVE-2014-7169 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
| CVE-2014-6271 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
| CVE-2020-0787 | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper […] | |
Apple Releases iOS Update 15.3 to Address 0-days
LINK Time to update your iOS devices again.
12 Year Old Vulnerability in Linux Polkit
LINK Thanks to Qualys for finding this. Polkit, a more fine-grained way of delegating access on Linux machines, has been found to have a 12-year-old vulnerability allowing for execution of code
Apache Patches Code Execution Bug
LINK Thanks to the ZDI guys. If you have Apache, or any device that has a built-in web server, you need to check if it has a firmware update soon.
Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access
LINK SonicWall has a vulnerability, CVE-2021-20038, that is an RCE, and it's being actively exploited. Act now.
Vulnerability Summary for the Week of January 17, 2022
LINK Here is the new CISA weekly vulnerability list.
Breach Announcements – January 24, 2022
OpenSubtitles (popular online subtitles site) – almost 7 million users' info

Above is a list of Companies I have information for that have confirmed some sort of Breach (it's obviously not complete since most never report anything, just what I hear about). Note: This is going to be a new type of post – will only […]
Microsoft Announces Plans to Turn off Excel v4.0 Macros by default
LINK This will be hugely helpful as many exploit kits, including Emotet, use this