January 2022 – Security Threat News

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

January 31, 2022 John

LINK Always interesting to see a vendor force updates.

PoC Released for Recent January 2022 Local Priv Escalation Patch – CVE-2022-21882

January 31, 2022 John

LINK More proof that you need to patch asap.

CISA Adds 8 New Known Exploited Vulnerabilities to Catalog

January 31, 2022 John

LINK CVE Number CVE Title Required Action Due Date CVE-2022-22587 Apple IOMobileFrameBuffer Memory Corruption Vulnerability 2/11/2022 CVE-2021-20038 SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability 2/11/2022 CVE-2014-7169 GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability 7/28/2022 CVE-2014-6271 GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability 7/28/2022 CVE-2020-0787 Microsoft Windows Background Intelligent Transfer Service (BITS) Improper […]

Apple Release iOS update to 15.3 to Address 0-days

January 27, 2022 John

LINK Time to update your iOS devices again.

12 Year Old Vulnerability in Linux Polkit

January 27, 2022 John

LINK Thanks to QUalys for finding this. Polkit a more fine grained way of delegation of access on Linux machines has been found to have a 12 year old vulnerability allowing for execution of code

Apache Patches Code Execution Bug

January 25, 2022 John

LINK Thanks to the ZDI guys. If you have Apache, or any device that has a built in webserver, you need to check if it has a firmware update soon.

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

January 25, 2022 John

LINK SonicWall have a vulnerability CVE-2021-20038 that is a RCE and its being actively exploited. Act Now

Vulnerability Summary for the Week of January 17, 2022

January 25, 2022 John

LINK Here is the new CISA weekly vulnerability list.

Breach Announcements – January 24, 2022

January 24, 2022 John

OpenSubtitles (popular online subtitles site) – almost 7 million users info Above is a list of Companies I have information for that have confirmed some sort of Breach (its obviously not complete since most never report anything, just what I hear about) Note: This is going to be a new type of post – will only […]

Microsoft Announces Plans to Turn off Excel v4.0 Macros by default

January 24, 2022 John

LINK This will be hugely helpful as many exploit kits, including Emotet use this