Cybersecurity, Microsoft releases a new bunch of security updates
They cover 55 issues in different products. Six of them are critical and have already been exploited by cybercrime actors.
Cybersecurity, Google fixed an Android critical zero-day vulnerability
It’s the CVE-2021-1048, which can be exploited for local escalation of privilege and to gain admin control over a targeted system. The security updates include 38 patches.
Cybersecurity, 4 vulnerabilities in Azure VM management extensions OMI agent
Microsoft: They could allow an attacker to raise their privileges and remote arbitrary code execution. Furthermore, there is a PoC online.
Cybersecurity: here it comes BrakTooth, a bunch of 16 security flaws in Bluetooth stacks
Security Affairs: The vulnerabilities impact 13 chipsets from 11 vendors, and can be exploited to execute arbitrary code and crash the devices via DoS attacks.
Cybersecurity, multiple vulnerabilities in D-LINK DIR-3040 wireless router
Cisco Talos: An attacker could carry out a variety of malicious actions, including exposing sensitive information, causing a DoS and executing arbitrary code.
Cybersecurity, Kaseya patches the VSA zero-day vulnerabilities used by REvil
Bleeping Computer: The cybercrime ransomware gang probably exploited one or a combination of CVE-2021-30116, CVE-2021-30119, and CVE-2021-30120.
NAME:WRECK vulnerabilities expose over 100 million devices
JSOF and Forescout cybersecurity experts: They are 9 flows affecting DNS clients of 4 TCP/IP stacks and causing DoS or RCE.
Cybercrime, Microsoft released “One-Click Mitigation Tool” on Exchange Servers vulnerabilities
The cybersecurity experts: Customers will automatically mitigate CVE-2021-26855 on any server on which it is deployed. However, it’s not a replacement for the patch.
Cybercrime, the EBA hacked thanks to the Microsoft Exchange Server vulnerability
The EU Agency: The attack was limited and that the confidentiality of the systems and data has not been compromised.
Cyber Espionage, Microsoft released mitigation measures for Exchange server
However, the company warns: Are not a remediation, nor are they full protection against attack. The APTs threat is still active.