New Windows Installer Zero-Day Flaw exploited in the Wild

• Post author:Ashwitha Kallalike
• Post published:November 26, 2021
• Post category:Endpoint Security/Featured Articles/Security Research and Intelligence/Vulnerability Management
• Post comments:0 Comments
• Reading time:3 mins read

Microsoft recently patched a Windows Installer Elevation of Privilege vulnerability tracked as CVE-2021-41379 in its November Patch Tuesday. As we…

Continue ReadingNew Windows Installer Zero-Day Flaw exploited in the Wild

Apache HTTP Server Zero-Day Vulnerability Exploited in the Wild

• Post author:Ashwitha Kallalike
• Post published:October 6, 2021
• Post category:Security Research and Intelligence/Vulnerability Management
• Post comments:0 Comments
• Reading time:3 mins read

Apache HTTP server recently fixed two security vulnerabilities, out of which a wildly exploited Zero-Day flaw was also existing. Attackers…

Continue ReadingApache HTTP Server Zero-Day Vulnerability Exploited in the Wild

A Critical Vulnerability in Atlassian Confluence Server Under Active Exploitation

• Post author:Ashwitha Kallalike
• Post published:September 3, 2021
• Post category:Featured Articles/SCAP Feed/Security Research and Intelligence/Vulnerability Management
• Post comments:0 Comments
• Reading time:3 mins read

Atlassian Confluence recently published a security advisory to patch a critical OGNL(Object-Graph Navigation Language) injection vulnerability existing in Confluence Server…

Continue ReadingA Critical Vulnerability in Atlassian Confluence Server Under Active Exploitation

Cisco Patches Critical and High Severity Flaws in Its VPN Routers

• Post author:Ashwitha Kallalike
• Post published:August 6, 2021
• Post category:Endpoint Security and Management/Security Research and Intelligence/Vulnerability Management
• Post comments:0 Comments
• Reading time:3 mins read

Cisco is one of the popularly known firms for manufacturing networking products along with developing software products. Recently it addressed…

Continue ReadingCisco Patches Critical and High Severity Flaws in Its VPN Routers

Google Chrome Patches Another High Severity Zero-Day Flaw Exploited in the Wild

• Post author:Ashwitha Kallalike
• Post published:June 18, 2021
• Post category:Patch Management/Security Research and Intelligence/Vulnerability Management
• Post comments:0 Comments
• Reading time:2 mins read

Google has released an emergency fix for its Chrome browser app in Windows, Linux, and Mac. This consists of four…

Continue ReadingGoogle Chrome Patches Another High Severity Zero-Day Flaw Exploited in the Wild

WinRM servers are the latest preys for the Wormable Windows HTTP vulnerability

• Post author:Ashwitha Kallalike
• Post published:May 24, 2021
• Post category:Endpoint Security and Management/Patch Management/Security Research and Intelligence
• Post comments:0 Comments
• Reading time:4 mins read

Microsoft recently patched a critical remote code execution vulnerability in the HTTP Protocol Stack (http. sys), used by the Windows…

Continue ReadingWinRM servers are the latest preys for the Wormable Windows HTTP vulnerability

Second Zero-Day Exploit for Google Chrome in the Same Week

• Post author:Ashwitha Kallalike
• Post published:April 16, 2021
• Post category:Patch Management
• Post comments:0 Comments
• Reading time:3 mins read

Google Chrome users who were relieved by patching the recent zero-day advisory are taken aback by the news of another…

Continue ReadingSecond Zero-Day Exploit for Google Chrome in the Same Week

Critical Code Execution Vulnerability in Adobe ColdFusion

• Post author:Ashwitha Kallalike
• Post published:March 23, 2021
• Post category:Security Research and Intelligence/Vulnerability Management
• Post comments:0 Comments
• Reading time:2 mins read

Adobe has released a critical security update that impacted Adobe ColdFusion and is assigned with a priority rating of 2.…

Continue ReadingCritical Code Execution Vulnerability in Adobe ColdFusion

Multiple Flaws in Orbit Fox WordPress Plugin Allow a Complete Takeover of Sites

• Post author:Ashwitha Kallalike
• Post published:January 18, 2021
• Post category:Security Research and Intelligence/Vulnerability Management
• Post comments:0 Comments
• Reading time:4 mins read

The Threat Intelligence team of Wordfence discovered two security vulnerabilities in the Orbit Fox WordPress plugin on November 19, 2020.…

Continue ReadingMultiple Flaws in Orbit Fox WordPress Plugin Allow a Complete Takeover of Sites

Alert! Zerologon: Your Windows Domain Controller Can’t Handle Zero Properly (CVE-2020-1472)

• Post author:Ashwitha Kallalike
• Post published:September 17, 2020
• Post category:Endpoint Security/Endpoint Security and Management/Patch Management/Security Research and Intelligence
• Post comments:4 Comments
• Reading time:4 mins read

A critical and interesting vulnerability in the Netlogon Remote Protocol of the Windows server was patched by Microsoft team last…

Continue ReadingAlert! Zerologon: Your Windows Domain Controller Can’t Handle Zero Properly (CVE-2020-1472)