Vulnerabilities are Beyond What You Think
CVEs or Software vulnerabilities comprise only a part of security risks in the IT security landscape. Attack surfaces are massive with numerous security risks that must be treated equally...
ZOOM Zero-Day Vulnerability Allows Remote Code Execution
A zero-day vulnerability in Zoom for Windows may be exploited by an attacker to execute arbitrary code on a victim’s computer. The attack doesn’t trigger a security warning and...
Kerberos Authentication Spoofing: Don’t Bypass the Spec
Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.
Authentication is the front gate to security systems, so if...
Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
Vendor: Dell / PC-Doctor
Vendor URL: https://www.dell.com/support/contents/en-uk/article/product-support/self-support-knowledgebase/software-and-downloads/supportassist
Versions affected: SupportAssist for Windows version 3.7 or higher, between 2020-08-28 and 2020-10-22
Systems Affected: Windows
Author: richard.warrennccgroupcom
Advisory URL: https://www.dell.com/support/kbdoc/000184012
CVE Identifier: CVE-2021-21518
Risk: CVSSv3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Summary
When running...
Actively Exploited Zero-Day Bug Patched by Microsoft
Microsoft’s May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.
Microsoft has revealed 73 new patches...
Not with a Bang but a Whisper: The Shift to Stealthy C2
DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike’s arsenal.
Scammers Target NFT Discord Channel
Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.
Discord a public chat application designed for gamers has grown...
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure
The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.
Three critical security vulnerabilities in widely used...
Daycare Webcam Service Exposes 12,000 User Accounts
NurseryCam suspends service across 40 daycare centers until a security fix is in place.
NurseryCam, a webcam service used across 40 daycare centers in the U.K. by parents who want...
Back-to-Back PlayStation 5 Hacks Hit on the Same Day
Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices.
A pair of PlayStation 5 breaches shows the consoles don’t have protection from attackers taking...
