Microsoft could not patch this vulnerability yet again
Hive Pro
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. An improperly patched Windows vulnerability (CVE-2021-24084) can lead to local privilege escalation and information disclosure. The vulnerability was disclosed in October 2020 and even after Microsoft addressed this vulnerability in February 2021’s Patch Tuesday, …
VMware patches SSRF and arbitrary file read vulnerabilities in vCenter Server
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. VMware has released fixes to address two security flaws in vCenter Server and Cloud Foundation tracked as CVE-2021-21980 and CVE-2021-22049. The vulnerability CVE-2021-21980 (arbitrary file read) is of major concern as an attacker with …
Microsoft could not patch this vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft released patches for 44 vulnerabilities on November 9th. CVE-2021-41379 was among them. However, installing this patch does not completely eliminate the vulnerability. An exploit for a new Windows zero-day local privilege elevation vulnerability …
Randori discovered Zero-day in Palo Alto’s GlobalProtect Firewall, affecting ~10,000 assets.
Outline Palo Alto Networks (PAN) released an update on November 10, 2021, that patched CVE-2021-3064, which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN, and it allows for unauthenticated remote code execution on susceptible product installations. …
A zero-day vulnerability has been discovered in PAN’s GlobalProtect firewall
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Palo Alto Networks (PAN) released an update on November 10, 2021, that patched CVE-2021-3064, which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN, and it …
Microsoft’s Patch Tuesday Security Updates for November
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. For the month of November, Microsoft has reported a total of 55 vulnerabilities, 6(CVE-2021-38666, CVE-2021-26443, CVE-2021-42279, CVE-2021-42298, CVE-2021-42316, CVE-2021-3711) of which have been rated critical. Four (CVE-2021-43208, CVE-2021-43209) of these vulnerabilities have been publicly …
HelloKitty is launching a DDoS attack by exploiting known vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The FBI has issued a warning to private businesses about a new feature of the HelloKitty ransomware group (aka FiveHands). The Hello Kitty/FiveHands actor (UNC2447) employs the double extortion strategy to place undue pressure …
Adobe Illustrator 2021 has several critical Vulnerabilities
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Adobe Illustrator 2021 has an update that addresses several important vulnerabilities that might result in memory leaks, arbitrary code execution, and application denial of service. Vulnerability Details Patch Link https://helpx.adobe.com/security/products/illustrator/apsb21-98.html References https://www.marketscreener.com/quote/stock/FORTINET-INC-60103137/news/Fortinet-Security-Researcher-Discovers-Multiple-Vulnerabilities-in-Adobe-Illustrator-36835590/ …