Zerologon Attacks Against Microsoft DCs Snowball in a Week

The attempted compromises, which could allow full control over Active Directory identity services, are flying thick and fast just a week after active exploits of CVE-2020-1472 were first flagged. Continue reading Zerologon Attacks Against Microsoft DCs Snowball in a Week

WhatsApp Spyware Attack: Uncovering NSO Group Activity

John Scott-Railton with Citizen Lab, who helped WhatsApp investigate the NSO Group over the alleged WhatsApp hack, said the subsequent lawsuit is a “certified big deal.” Continue reading WhatsApp Spyware Attack: Uncovering NSO Group Activity

WhatsApp Flaw Opens Android Devices to Remote Code Execution

A double-free bug could allow an attacker to achieve remote code execution; users are encouraged to update to a patched version of the messaging app. Continue reading WhatsApp Flaw Opens Android Devices to Remote Code Execution

Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches

Exchange hack problem
Exchange hack problem

The recent exposure of a privilege elevation vulnerability that exists in the control Exchange has over Active Directory and EWS push notifications is fixed by cumulative updates for Exchange 2013, Exchange 2016, and Exchange 2019 and a roll-up update for Exchange 2010 SP3. These changes mark an architectural modification for Exchange, something that Microsoft is loathe to do outside major releases. Install the updates now!

The post Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches appeared first on Petri.

Continue reading Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches

Joomla Joomla! Two Critical Flaws Discovered — Update to Protect Your Site

Joomla – the world’s second popular open source Content Management System (CMS) software packages, has just released the latest version of its CMS, which includes patches for two critical security vulnerabilities and a bug fix.
<!– adsense –>
The two critical flaws, both exist in the Joomla Core functionalities, include Account Creation Vulnerability (CVE-2016-8870) and Elevated Privileges

Continue reading Joomla Joomla! Two Critical Flaws Discovered — Update to Protect Your Site