Risk Rating: HIGH Affected Products: Google Chrome Affected Version:Versions previous to 103.0.5060.114 Patched Version: 103.0.5060.114 Vendor: Google Date: 01/07/2022 Introduction: A zero-day vulnerability was identified and disclosed to Google that affects the WebRTC (Web Real-Time Communications) component within the browser, which allows for exploitation of a Heap Buffer Overflow vulnerability. Technical details are limited at […]
Risk Rating: CRITICAL Affected Products: F5 Big-Ip Affected Version:16.1.0-16.1.2/ 15.1.0-15.1.5 / 14.1.0-14.1.4 / 13.1.0-13.1.4 /12.1.0-12.1.6 / 11.6.1-11.6.5 Patched Version: 17.0.0 / 16.1.2.2 / 15.1.5.1 / 14.1.4.6 / 13.1.5 Proof-of-Concepts available: yes Vendor: F5 Date: 04/05/2022 Introduction: F5 Big-Ip load-balancers can be abused to obtain Remote Command Execution (RCE). These devices have an administrative interface (iControl […]
Risk Rating: CRITICAL Affected Products: Avaya series; Aruba Affected Version: ERS3500/ERS3600/ERS4900/ERS5900; Aruba 5400R/3810/2920/2930F/2930M/2530/2540 Patched Version: N/A Vendor: Aruba and Avaya network switches Date: 04/05/2022 Introduction: Five critical vulnerabilities were identified within the various models of Aruba and Avaya network switches. The vulnerabilities affect the implementation of the TLS stack within those devices. Insecure memory management […]
Risk Rating: HIGH Affected Product: Java SE & Oracle GraalVM Enterprise Edition product of Oracle Java SE Affected Version: Versions 15, 16, 17 & 18, Oracle GraalVM Enterprise Edition: 21.3.1 & 22.0.0.2 Patched Version: April 2022 Critical Patch Update Vendor: Oracle Date of Disclosure: 19.04.2022 Introduction: A vulnerability exists within the implementation of ECDSA cryptographic […]
Risk Rating: HIGH Affected Product: Cisco Umbrella Virtual Appliance Affected Version: Virtual Appliance <= 3.3.2 Patched Version: Please see Remediation(s) section for more details. Vendor: Cisco Date of Disclosure: 20.04.2022 Introduction: Cisco Umbrella Virtual Applications contains a vulnerability in the key based SSH authentication mechanism which could potentially allow a remote unauthenticated attacker to impersonate […]
Another war was launched by a popular anonymous hacktivist on companies who still choose to run in Russia and pay taxes to the Russian Government. After Nestlé decided to continue operating in Russia the anonymous hackers threatened to attack them and eventually hacked into their system, leaking 10GB worth of sensitive data. Impact On 22nd […]
The Russian Government allegedly shared a list of 17,576 IP addresses that were used to target Russian organisations through distributed denial-of-service (DDoS) attacks. The National Coordination Center for Computer Incidents (NKTsKI) shared the list of IP addresses. This is an organisation created by Russia’s Federal Security Service (FSB) and both organisations worked together to defend […]
The FBI recently posted a flash alert asking for any suspicious activity linked to LockBit Ransomware to be reported immediately to the Cyber Squad. The LockBit Ransomware gang, who came on the scene in September 2019 announced the LockBit 2.0 Ransomware-as-a-Service (RaaS) in June 2021. The impact When the LockBit infection spreads, it gains the […]
WordPress’s security vendor, Jetpack, uncovered a widespread supply chain attack, which has successfully compromised 93 WordPress plugins and themes. Additionally, 53 plugins and 40 themes belonging to the developer AccessPress, had a backdoor inserted into their source code. AccessPress addons are used in over 360,000 active websites. The impact: Admins who have unknowingly installed a […]
The Jfrog security research team has discovered a vulnerability in the H2 database console. CVE-2021-42392 shares a root cause with the now infamous Log4Shell vulnerability. H2 is a popular and open-source SQL database written in java, which offers a lightweight in-memory solution, meaning data is not required to be stored on a disk. This makes […]