Two Active Directory Bugs Lead to Easy Windows Domain Takeover
Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.
A proof-of-concept tool has been published that leverages...
Third Log4J Bug Can Trigger DoS; Apache Issues Patch
The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI....
Brand-New Log4Shell Attack Vector Threatens Local Hosts
The discovery, which affects services running as localhost that aren’t exposed to any network or the internet, vastly widens the scope of attack possibilities.
Defenders will once again be busy...
Relentless Log4j Attacks Include State Actors, Possible Worm
More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.
Call it a “logjam” of threats: Attackers including nation-state actors have already targeted...
Technical Advisory – Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969)
Vendor: Lenovo
Vendor URL: https://www.lenovo.com/
Versions affected: 1.1.20.2
Systems Affected: Windows
Author: [email protected]
Advisory URL: https://support.lenovo.com/us/en/product_security/LEN-75210
CVE Identifier: CVE-2021-3922, CVE-2021-3969
Risk: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R CVSSv3.1: 7.1
Summary
The ImController service comes installed on certain Lenovo devices, for example NCC found...
SAP Kicks Log4Shell Vulnerability Out of 20 Apps
SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.
SAP has...
Where the Latest Log4Shell Attacks Are Coming From
Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw.
Cybersecurity professionals across the world have been scrambling to shore up their systems against a critical remote code-execution (RCE)...
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”
An excruciating, easily exploited flaw in the ubiquitous...
Next-Gen Maldocs & How to Solve the Human Vulnerability
Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight...
Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS
Vendor: SonicWall
Vendor URL: https://www.sonicwall.com/
Versions affected: 10.2.0.8-37sv, 10.2.1.1-19sv
Systems Affected: SMA 100 Series (SMA 200, 210, 400, 410, 500v)
Author: Richard Warren
Risk: CVSS 8.2 (High)
Summary
SonicWall SMA 100 Series appliances running firmware...