Zerologon Vulnerability in Windows Netlogon Remote Protocol

A critical and interesting vulnerability in the Netlogon Remote Protocol of the Windows server was patched by Microsoft team last month. This flaw discovered by the Cybersecurity firm Secura (dubbed as Zerologon), has received the highest severity score of 10.0. The vulnerability is identified as CVE-2020-1472 and allows an attacker to successfully compromise the vulnerable […]

Read More →
Microsoft Security Bulletin Summary for September 2020

Microsoft has released September Patch Tuesday security updates with a total release of 129 vulnerabilities, In which 23 are classified as Critical with Remote Code Execution(RCE) 105 are classified as important and 1 is classified as moderate that reside in the Microsoft Windows, Microsoft Exchange Server, Internet Explorer (IE), Microsoft Edge (EdgeHTML-based and Chromium-based in […]

Read More →
WordPress File Manager Plugin Under Active Exploitation

File Manager is a popular WordPress plugin that is used to manage files on WordPress sites. It allows a WordPress administrator to edit, delete, upload, download, archive, copy and paste files and folders directly from the WordPress backend. A critical remote code execution vulnerability has been identified in the WordPress File Manager plugin which allows […]

Read More →
Cisco IOS XR Zero-Day Vulnerability is Being Actively Exploited in the Wild

A high severity zero-day vulnerability has been found in Cisco IOS XR – An Internetwork Operating System (IOS) that is shipped with Cisco’s networking equipment. The vulnerability allows an unauthenticated, remote attacker to exhaust process memory and crash the other processes running on the affected device. Vulnerability Details(CVE-2020-3566 ): Cisco has released a security advisory […]

Read More →
High-Severity Remote Code Execution Vulnerability in Google Chrome

A high-severity ‘use-after-free’ vulnerability tracked as CVE-2020-6492 with a CVSSv3 base score of 8.3 exists in WebGL [Web Graphics Library] component of the Google Chrome web browser that could be used to execute arbitrary code in the context of the browser process. WebGL (Web Graphics Library) is a JavaScript API for rendering high-performance interactive 3D […]

Read More →
Critical Jenkins vulnerability can cause memory corruption and disclose sensitive information

Jenkins, an open-source automation server software released an advisory pertaining to a critical vulnerability present in its application. Jenkins enables developers to build, test, and deploy applications. This vulnerability tracked as  CVE-2019-17638 when exploited can result in memory corruption and can disclose sensitive information. It allows any unauthenticated attacker to obtain sensitive information via response […]

Read More →

Microsoft has released August Patch Tuesday security updates, addressing a total number of 120 vulnerabilities, including two Zero-days in the family of Windows operating systems and related products. Out of these, 17 are classified as Critical and 103 as Important which includes Microsoft Windows, Edge EdgeHTML-based, Chromium-based, ChakraCore, Internet Explorer, Microsoft Office, and Microsoft Office Services […]

Read More →
Vulnerability in Teamviewer for Windows Users

A high-risk vulnerability was found in TeamViewer for Windows. It is tracked as “CVE-2020-13699“, with a CVSS base score of “8.8” that could be exploited by remote attackers to crack users’ password and thereupon, lead to the further system exploitation. TeamViewer is a software application for remote control, desktop sharing, online meetings, web conferencing and […]

Read More →
SysAdminDay-2020

In early 2020, the world saw the worst pandemic humankind has seen in a long time. While all businesses and employees were shattered, you had a new challenge to deal with. While employees were struggling to adopt a new mindset and work culture for remote work, you were busy helping your business survive by changing […]

Read More →
BootHole Flaw in GRUB2 Bootloader

  A team of cybersecurity researchers found multiple vulnerabilities that affect billions of devices that run on either Windows or Linux. Affected devices include laptops, servers, workstations, or even IoT devices. GRUB2 boot loader, which is not only used by Linux but other Operating Systems where Secure Boot trusts the 3rd-party UEFI CA, is affected […]

Read More →