Collaborate Disseminate
Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection (SIP) bypass in macOS, and CVE-2021-30883, an iOS flaw that’s actively expl… Continue reading Apple fixes security feature bypass in macOS (CVE-2021-30892)
Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to allow remote code execution with root privileges on the underlying system. Attack… Continue reading Nagios XI vulnerabilities open enterprise IT infrastructure to attack
A critical vulnerability (CVE-2021-34746) that affects Cisco Enterprise NFV Infrastructure Software (NFVIS) has been patched and Cisco is urging enterprise admins to quickly upgrade to a fixed version, as proof-of-concept exploit code is already availa… Continue reading Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)
A day after the August 2021 Patch Tuesday, Microsoft has released an out-of-band security advisory acknowledging the existence of yet another Print Spooler vulnerability (CVE-2021-36958). Its discovery has been attributed to Victor Mata of FusionX, Acc… Continue reading Microsoft confirms another Windows Print Spooler bug, offers workaround (CVE-2021-36958)
A vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow local, unprivileged attackers to gain root privileges on a vulnerable host has been unearthed by researchers. “Qualys security researchers have been able to in… Continue reading Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)
Security researchers have unearthed new elevation of privilege (EoP) bugs in Windows Print Spooler, one of the oldest Windows components. Scarce details have been shared about the first one (CVE-2021-34481), aside from the note that it “exists wh… Continue reading There are new unpatched bugs in Windows Print Spooler
CVE-2021-1675, a Windows Print Spooler vulnerability that Microsoft patched in June 2021, presents a much greater danger than initially thought: researchers have proved that it can be exploited to achieve remote code execution and – what’s … Continue reading PoC for critical Windows Print Spooler flaw leaked (CVE-2021-1675)
Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently started after Positive Technologies researchers shared proof-of-concept (PoC) e… Continue reading Cisco security devices targeted with CVE-2020-3580 PoC exploit
In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when should researchers publish proof of concepts for vulnerabilities and associated patches. Hafnium hackers were … Continue reading Is it OK to publish PoC exploits for vulnerabilities and patches?
There’s nothing quite like an actual proof-of-concept to make everyone listen. I was pleased by the PoC released by Google security engineers Stephen Röttger and Artur Janc earlier this month – in a nutshell, they showed how the Spectre vulnerabi… Continue reading Using memory encryption in web applications to help reduce the risk of Spectre attacks