Please consider updating your browser. Some parts of the website may not function as intended.

Vulnerability Alert: Heap Buffer Overflow in WebRTC

Risk Rating: HIGH Affected Products: Google Chrome Affected Version:Versions previous to 103.0.5060.114 Patched Version: 103.0.5060.114 Vendor: Google Date: 01/07/2022 Introduction: A zero-day vulnerability was identified and disclosed to Google that affects the WebRTC (Web Real-Time Communications) component within the browser, which allows for exploitation of a Heap Buffer Overflow vulnerability. Technical details are limited at […]

Vulnerability Alert: CVE-2022-21449 – Psychic Signatures

Risk Rating: HIGH   Affected Product: Java SE & Oracle GraalVM Enterprise Edition product of Oracle Java SE  Affected Version: Versions 15, 16, 17 & 18, Oracle GraalVM Enterprise Edition: 21.3.1 & 22.0.0.2  Patched Version: April 2022 Critical Patch Update   Vendor: Oracle   Date of Disclosure: 19.04.2022  Introduction: A vulnerability exists within the implementation of ECDSA cryptographic […]

Vulnerability Alert: CVE-2022-20773 – Default SSH Host Key

Risk Rating: HIGH Affected Product: Cisco Umbrella Virtual Appliance  Affected Version: Virtual Appliance <= 3.3.2  Patched Version: Please see Remediation(s) section for more details.  Vendor: Cisco  Date of Disclosure: 20.04.2022  Introduction: Cisco Umbrella Virtual Applications contains a vulnerability in the key based SSH authentication mechanism which could potentially allow a remote unauthenticated attacker to impersonate […]

90 WordPress Plugins and Themes Hit in a Huge Supply Chain Attack

WordPress Plugins

WordPress’s security vendor, Jetpack, uncovered a widespread supply chain attack, which has successfully compromised 93 WordPress plugins and themes. Additionally, 53 plugins and 40 themes belonging to the developer AccessPress, had a backdoor inserted into their source code. AccessPress addons are used in over 360,000 active websites. The impact: Admins who have unknowingly installed a […]

Log4Shell Vulnerability Conditions Mimicked in H2 Database Console

H2 Database Console

The Jfrog security research team has discovered a vulnerability in the H2 database console. CVE-2021-42392 shares a root cause with the now infamous Log4Shell vulnerability. H2 is a popular and open-source SQL database written in java, which offers a lightweight in-memory solution, meaning data is not required to be stored on a disk. This makes […]

Severe Vulnerability Discovered in Java Logging Package – Log4j

Code for ethical hacking and security testing

Some of you may know, a severe vulnerability was discovered in Log4j, a Java logging package. This ubiquitous package is included in products such as Apache and Apple products. Worse yet, this component is so widely used — that it is believed to be within multiple components within applications. This means that security teams worldwide […]

Siege Warfare – WordPress Sites Under Attack for 36 hours

Wordpress Plugins Hacked

WordPress sites have been under attack for 36 hours, from 16,000 IP addresses. Threat Intelligence Analysts from Wordfence, have reported an ongoing assault against 1.6 million WordPress sites. The traffic originates from 16,000 IPs and threat actors appear to be targeting four WordPress plugins and fifteen Epsilon Framework themes. One of which has no patch […]

Hundreds of Vulnerabilities in Common Wi-Fi Routers Affect Millions

Vulnerabilities in Common Wi-Fi Routers

Researchers from the German IT Magazine publisher CHIP discovered hundreds of potential vulnerabilities across nine vendors of popular wireless routers. The following vendors could be affected: Asus AVM D-Link Netgear Edimax TP-Link Synology Linksys The researchers analysed the configuration of network devices using the IoT Inspector’s firmware security platform, which performs automated checks for thousands […]

Microsoft Exchange Servers Compromised in Reply-Chain Attacks

microsoft exchange servers

Threat actors are leverage known vulnerabilities against unpatched exchange servers to distribute malware and avoid detection by abusing internal reply-chain emails. TrendMicro researchers have discovered that threat actors have distributed malicious emails to internal employees on corporate networks through an interesting tactic. They start by exploiting Microsoft exchange servers which remain vulnerable to ProxyLogon and […]

Microsoft WPBT Vulnerability Allow Hackers to Install Rootkits on Windows Devices

Microsoft WPBT Vulnerability

Security researchers from the Eclypsium research team have discovered a vulnerability in the Windows Platform Binary Table (WPBT) that allows attackers to install rootkits on all Windows devices shipped since 2012. WBPT is a fixed firmware ACPI (Advanced Configuration and Power Interface), introduced in Windows 8 to allow vendors to execute programs when the devices […]

Risk Crew