Vulnerability Alert: Heap Buffer Overflow in WebRTC

Risk Rating: HIGH Affected Products: Google Chrome Affected Version:Versions previous to 103.0.5060.114 Patched Version: 103.0.5060.114 Vendor: Google Date: 01/07/2022 Introduction: A zero-day vulnerability was identified and disclosed to Google that affects the WebRTC (Web Real-Time Communications) component within the browser, which allows for exploitation of a Heap Buffer Overflow vulnerability. Technical details are limited at […]

Vulnerability Alert: CVE-2022-1388 — F5 Big-Ip

Risk Rating: CRITICAL Affected Products: F5 Big-Ip Affected Version:16.1.0-16.1.2/ 15.1.0-15.1.5 / 14.1.0-14.1.4 / 13.1.0-13.1.4 /12.1.0-12.1.6 / 11.6.1-11.6.5 Patched Version: 17.0.0 / 16.1.2.2 / 15.1.5.1 / 14.1.4.6 / 13.1.5 Proof-of-Concepts available: yes Vendor: F5 Date: 04/05/2022 Introduction: F5 Big-Ip load-balancers can be abused to obtain Remote Command Execution (RCE). These devices have an administrative interface (iControl […]

Vulnerability Alert: TLStorm 2

Risk Rating: CRITICAL Affected Products: Avaya series; Aruba Affected Version: ERS3500/ERS3600/ERS4900/ERS5900; Aruba 5400R/3810/2920/2930F/2930M/2530/2540 Patched Version: N/A Vendor: Aruba and Avaya network switches Date: 04/05/2022 Introduction: Five critical vulnerabilities were identified within the various models of Aruba and Avaya network switches. The vulnerabilities affect the implementation of the TLS stack within those devices. Insecure memory management […]

Vulnerability Alert: CVE-2022-21449 – Psychic Signatures

Risk Rating: HIGH   Affected Product: Java SE & Oracle GraalVM Enterprise Edition product of Oracle Java SE  Affected Version: Versions 15, 16, 17 & 18, Oracle GraalVM Enterprise Edition: 21.3.1 & 22.0.0.2  Patched Version: April 2022 Critical Patch Update   Vendor: Oracle   Date of Disclosure: 19.04.2022  Introduction: A vulnerability exists within the implementation of ECDSA cryptographic […]

Vulnerability Alert: CVE-2022-20773 – Default SSH Host Key

Risk Rating: HIGH Affected Product: Cisco Umbrella Virtual Appliance  Affected Version: Virtual Appliance <= 3.3.2  Patched Version: Please see Remediation(s) section for more details.  Vendor: Cisco  Date of Disclosure: 20.04.2022  Introduction: Cisco Umbrella Virtual Applications contains a vulnerability in the key based SSH authentication mechanism which could potentially allow a remote unauthenticated attacker to impersonate […]

Nestlé Operating in Russia Causes Data Breach

Nestlé Operating in Russia

Another war was launched by a popular anonymous hacktivist on companies who still choose to run in Russia and pay taxes to the Russian Government. After Nestlé decided to continue operating in Russia the anonymous hackers threatened to attack them and eventually hacked into their system, leaking 10GB worth of sensitive data. Impact On 22nd […]

Russians Leak 17,000 IPs Allegedly Led To DDoS Attacks

ddos attacks

The Russian Government allegedly shared a list of 17,576 IP addresses that were used to target Russian organisations through distributed denial-of-service (DDoS) attacks. The National Coordination Center for Computer Incidents (NKTsKI) shared the list of IP addresses. This is an organisation created by Russia’s Federal Security Service (FSB) and both organisations worked together to defend […]

FBI Raises Awareness on the LockBit Ransomware Operation

Lockbit Ransomware

The FBI recently posted a flash alert asking for any suspicious activity linked to LockBit Ransomware to be reported immediately to the Cyber Squad. The LockBit Ransomware gang, who came on the scene in September 2019 announced the LockBit 2.0 Ransomware-as-a-Service (RaaS) in June 2021. The impact When the LockBit infection spreads, it gains the […]

90 WordPress Plugins and Themes Hit in a Huge Supply Chain Attack

WordPress Plugins

WordPress’s security vendor, Jetpack, uncovered a widespread supply chain attack, which has successfully compromised 93 WordPress plugins and themes. Additionally, 53 plugins and 40 themes belonging to the developer AccessPress, had a backdoor inserted into their source code. AccessPress addons are used in over 360,000 active websites. The impact: Admins who have unknowingly installed a […]

Log4Shell Vulnerability Conditions Mimicked in H2 Database Console

H2 Database Console

The Jfrog security research team has discovered a vulnerability in the H2 database console. CVE-2021-42392 shares a root cause with the now infamous Log4Shell vulnerability. H2 is a popular and open-source SQL database written in java, which offers a lightweight in-memory solution, meaning data is not required to be stored on a disk. This makes […]

Risk Crew