Oracle January 2021 Critical Patch Update Includes Fixes for Five Critical WebLogic Flaws (CVE-2021-2109)
January 20, 2021Oracle’s first Critical Patch Update of 2021 addressed 329 security updates across 25 product families, including five new critical flaws in Oracle WebLogic Server. Background On January 19, Oracle ...
DNSpooq: Seven Vulnerabilities Identified in dnsmasq
January 20, 2021Researchers identify seven vulnerabilities in popular Domain Name System software. Background On January 19, researchers from the JSOF Research lab disclosed seven vulnerabilities in dnsmasq, a wide...
Microsoft’s January 2021 Patch Tuesday Addresses 83 CVEs
January 12, 2021In its first Patch Tuesday of 2021, Microsoft patched 83 CVEs including 10 critical vulnerabilities Microsoft patched 83 CVEs in the January 2021 Patch Tuesday release, including 10 CVEs rated as cri...
Solorigate: SolarWinds Orion Platform Contained a Backdoor Since March 2020 (SUNBURST)
December 14, 2020Nation-state threat actors breached the supply chain of a popular IT management software provider in order to infiltrate government agencies and private companies. Update December 30: The Analysis, S...
AMNESIA:33: Researchers Disclose 33 Vulnerabilities Across Four Open Source TCP/IP Libraries
December 9, 2020The vulnerabilities disclosed affect millions of Operational Technology, IoT and IT devices and include multiple remote code execution flaws. Update October 11: The Identifying affected systems s...
CVE-2020-4006: VMware Command Injection Flaw Exploited by Russian State-Sponsored Threat Actors
December 8, 2020The National Security Agency warns that Russian state-sponsored threat actors are exploiting an important VMware vulnerability in the wild. Background On December 7, the National Security Agency (NS...
CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed
November 17, 2020Following the publication of proof-of-concept (PoC) code, Cisco released three advisories for multiple vulnerabilities silently patched in a recent update. Organizations should apply these patches imm...
CVE-2020-14871: Critical Buffer Overflow in Oracle Solaris Exploited in the Wild as Zero-Day
November 5, 2020Researchers disclose critical zero-day vulnerability in Oracle Solaris that was exploited in the wild by an uncategorized threat actor. Background On November 2, researchers at FireEye published a b...
CVE-2020-16846, CVE-2020-25592: Critical Vulnerabilities in Salt Framework Disclosed
November 4, 2020SaltStack recommends immediate patching after their disclosure of three new vulnerabilities, two of which are rated critical and can be remotely exploited without authentication. Background On Octob...
CVE-2020-15999, CVE-2020-17087: Google Chrome FreeType and Microsoft Windows Kernel Zero Days Exploited in the Wild
November 2, 2020A pair of zero-day vulnerabilities in Google Chrome (CVE-2020-15999) and Microsoft Windows (CVE-2020-17087) were chained together and exploited in the wild in targeted attacks. A separate Chrome vulne...
CVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the Wild
October 29, 2020A remote code execution vulnerability in Oracle WebLogic Server has been actively exploited in the wild just one week after a patch was released and one day after a proof of concept was published.Upda...
Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
October 23, 2020State-sponsored actors from Russia and China are leveraging several of the same publicly known vulnerabilities in their attacks, all of which have patches available. On October 20, the National Secur...