Update on SolarWinds Supply-Chain Attack: SUNSPOT and New Malware Family Associations
New research has been published that expands the security community’s understanding of the breadth and depth of the SolarWinds attack.…
SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know
On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds Orion platform.…
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.…
Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know
Attackers are opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.…
HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know
HP released a security bulletin on Sept. 25, 2020, disclosing a set of vulnerabilities in HP Device Manager.…
Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know
On Wednesday, July 28, 2020, researchers at Claroty released information on a number of critical remote code execution vulnerabilities in the remote access products of three industrial control system (ICS) vendors: HMS, Secomea, and Moxa.…
CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know
On July 22, Cisco released a patch for a high-severity read-only path traversal vulnerability in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.…
Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350): What You Need to Know
On Tuesday, July 14, 2020, Microsoft released a patch for a 17-year-old remote code execution (RCE) vulnerability in Windows Domain Name System (DNS) servers discovered by Check Point researchers.…
CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java
The new SAP vulnerability (RECON), a critical vulnerability affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard, is a huge deal.…
CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed
On Monday, June 29, 2020, Palo Alto Networks released details on CVE-2020-2021, a new, critical weakness in SAML authentication on PAN-OS devices.…
The Masked SYNger: Investigating a Traffic Phenomenon
At the beginning of 2020, Rapid7 and other researchers began noticing increased scanning activity against a variety of TCP ports.…
May 2020 Cisco Remote Vulnerabilities Guidance
On May 6, 2020, Cisco posted patches for 34 vulnerabilities, half a dozen of which require your immediate attention.…
CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview
On April 22, Sophos received a report documenting a suspicious field value visible in the management interface of an XG Firewall.…
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software vulnerable to CVE-2020-0688.…
Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
In this blog, we break down what you need to know about the recent Zoom security issues and its vulnerability remediation process.…