SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

Cisco AnyConnect Vulnerabilities are Being Exploited in the Wild!

CVE Research

Cisco AnyConnect Secure Mobility Client allows users to connect to remote systems through a VPN. On October 26, 2022, Cisco issued a warning to its customers, stating that security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows, which are two years old, are currently bein...

Oct 26, 2022 • 4 min read

Text4Shell: Critical Code Execution in Apache Common Text Library – Patch Now!

CVE Research

Apache Common Text is used for advanced text handling functions such as escaping special characters, the similarity of strings (based on Cosine, Hamming, Longest Common Subsequence distance, etc.), the difference between strings, text lookup, etc. A code execution vulnerability (CVE-2022-42889) i...

Oct 19, 2022 • 2 min read

Microsoft October Patch Tuesday Addresses 84 Security Vulnerabilities Including Two Zero-day!

CVE Research

Microsoft has released its October 2022 Patch Tuesday security updates, addressing 84 vulnerabilities. Of these, 13 are classified as critical, as they allow the most severe types of attacks, such as privilege elevation, spoofing, or remote code execution, and 71 are classified as important. However, the...

Oct 12, 2022 • 5 min read

A Critical Vulnerability in vm2 Allows a Remote Attacker to Break Out of the Sandbox!

CVE Research

vm2 is a Node module for creating a real sandbox in Node. It is also the most widely used JavaScript sandbox library, receiving about 17.5 million downloads each month. A critical vulnerability (CVE-2022-36067) in vm2 can enable a remote attacker to escape the sandbox and execute arbitrary c...

Oct 11, 2022 • 3 min read

Zimbra Collaboration Suite High Severity Zero-Day RCE Vulnerability is Exploited in Wild!

CVE Research

Zimbra Collaboration Suite (ZCS), a widely used web client and email server, has an unpatched zero-day remote code execution (RCE) vulnerability that hackers are known to be actively exploiting. The vulnerability is assigned CVE-2022-41352 and is rated critical (CVSS v3 score: 9.8). This vulner...

Oct 09, 2022 • 3 min read

Double Zero-day Attack: Microsoft Exchange Servers Under Active Exploitation! – Apply New Mitigations

CVE Research

Oct 02, 2022 • 3 min read

“GIFSHELL” – Chain Attack in Microsoft Teams

CVE Research

Security researcher Bobby Rauch identified seven different vulnerabilities in Microsoft Teams. These flaws can be chained to achieve a new attack technique named the GIFShell attack. The GIFShell attack is capable of creating a reverse shell between a user and an attacker. These cra...

Sep 22, 2022 • 4 min read

Knitting Vulnerability Assessment Tightly with Patching

CVE Research

Whether it was WannaCry, the biggest ransomware attack, or Petya, the attack that invaded many organizations in the US and Europe, many infamous cyberattacks like these come down to missing patches. The complexity due to multiple tools in patch management and the inability of IT and security...

Sep 18, 2022 • 6 min read

Updated: Microsoft September Patch Tuesday Addresses 63 Security Vulnerabilities, Including Two Zero-day!

CVE Research

Microsoft released its monthly (September’s) security update, Patch Tuesday, disclosing 63 vulnerabilities across the company’s hardware and software line. Microsoft’s September 2022 Patch Tuesday security update shows a sharp decline from last month’s number of issues disclosed by Micro...

Sep 14, 2022 • 5 min read