Browsing Category
Vulnerabilities
53 posts
Mitigating The Unpatched Office and Windows HTML RCE (CVE-2023-36884)
July 2023's Patch Tuesday released fixes for several vulnerabilities being actively exploited in the wild, but only identified mitigation for one particular unpatched zero-day that can allow HTML remote code execution as part of an initial attack.
July 18, 2023 18:32 GMT
March 2023 Patch Tuesday Closes Two Zero-Days Actively Exploited By State-Sponsored Actors
Microsoft's Patch Tuesday for March 2023 fixes more than 80 vulnerabilities, 9 of which are rated critical severity, and 2 zero-days—an Outlook Elevation of Privilege Vulnerability (CVE-2023-23397) and a Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-24880).
Administrators are encouraged to apply updates ASAP. If this is not possible, there are some mitigating actions to be taken.
March 15, 2023 18:37 GMT
Critical Citrix ADC and Gateway Zero-Day Actively Exploited
Citrix has announced the release of an update to Citrix ADC and Gateway Appliance which patches CVE-2022-27518, a…
December 14, 2022 19:40 GMT
Increased Scanning Activity for Recent Exchange SSRF Vulnerabilities
OCTOBER 24, 2022 21:18 GMT Attempts to exploit the chained attack utilizing CVE-2022-41040 and CVE-2022-41082 are being observed…
October 24, 2022 21:16 GMT
Microsoft Warns of Two Actively-Exploited Exchange Zero-Days
SEPTEMBER 30, 2022 19:35 GMT This alert from Pillr is intended to brief users and administrators on newly…
September 30, 2022 22:44 GMT
CISA Warns of Exploited DDoS Vulnerability Impacting Palo Alto Firewalls
A new vulnerability in Palo Alto's PAN-OS affects firewalls, opening them up to potential amplified and reflected DDoS attacks.
August 25, 2022 19:28 GMT
VMWare Patches Severe Vulnerabilities Across Multiple Platforms
Earlier this week, VMWare published a critical security advisory that addresses security vulnerabilities in multiple product lines, including…
August 4, 2022 15:00 GMT
CISA Suggests Patching Severe Vulnerability in OpenSSL
OpenSSL version 3.0.4 is susceptible to a vulnerability that allows for buffer overflow and remote code execution. CISA…
July 7, 2022 20:24 GMT
Follina Zero-Day Allows Zero-Click RCE From Office Docs
JUNE 2, 2022 19:09 GMT Microsoft Office docs are the primary vector for an actively exploited zero-day vulnerability…
June 2, 2022 15:45 GMT
CISA Advises Urgent Priority For Patching of New VMware Vulnerabilities
MAY 19, 2022 12:38 GMT CISA has issued a rare emergency directive and is advising urgent patching priority for…
May 19, 2022 00:04 GMT