ProxyShell Attacks Pummel Unpatched Exchange Servers
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.
Over the weekend, the Cybersecurity & Infrastructure Security Agency...
Web Censorship Systems Can Facilitate Massive DDoS Attacks
Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks.
Researchers are warning internet censorship systems are ripe for abuse by a new type...
Critical Cisco Bug in Small Business Routers to Remain Unpatched
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.
A critical security vulnerability in Cisco Small Business Routers (RV110W, RV130, RV130W and RV215W...
Postmortem on U.S. Census Hack Exposes Cybersecurity Failures
Government says cybersecurity failures were many within failed January hack of U.S. Census Bureau systems.
Threat actors exploited an unpatched Citrix flaw to breach the network of the U.S....
Windows EoP Bug Detailed by Google Project Zero
Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention.
Google Project Zero has apparently blown its own 90-day disclosure...
Kerberos Authentication Spoofing: Don’t Bypass the Spec
Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.
Authentication is the front gate to security systems, so if...
Memory Bugs in BlackBerry’s QNX Embedded OS Open Devices to Attacks
The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars in medical devices.
The potential danger from a raft of...
Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)
Vendor: Sunhillo
Vendor URL: https://www.sunhillo.com/
Versions affected: SureLine <= 8.7.0
Systems Affected: Any using SureLine
Author: Liam Glanfield
Advisory URL / CVE Identifier: CVE-2021-36380
Risk: Critical - complete...
Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch...
Vendor: Ivanti Pulse Secure
Vendor URL: https://www.pulsesecure.net/
Versions affected: Pulse Connect Secure (PCS) 9.11R11.5 or below
Systems Affected: Pulse Connect Secure (PCS) Appliances
Author: Richard Warren
Advisory URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858
CVE Identifier: CVE-2021-22937
Risk: 7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The...
Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets
Valve plugs an API bug found in its Steam platform that that abused the Smart2Pay system to add unlimited funds to gamer digital wallets.
A security researcher helped Valve,...