Cybersecurity, 4 vulnerabilities in Azure VM management extensions OMI agent
Microsoft: They could allow an attacker to raise their privileges and remote arbitrary code execution. Furthermore, there is a PoC online.
Cybersecurity: here it comes BrakTooth, a bunch of 16 security flaws in Bluetooth stacks
Security Affairs: The vulnerabilities impact 13 chipsets from 11 vendors, and can be exploited to execute arbitrary code and crash the devices via DoS attacks.
Cybersecurity, multiple vulnerabilities in D-LINK DIR-3040 wireless router
Cisco Talos: An attacker could carry out a variety of malicious actions, including exposing sensitive information, causing a DoS and executing arbitrary code.
Cybersecurity, Kaseya patches the VSA zero-day vulnerabilities used by REvil
Bleeping Computer: The cybercrime ransomware gang probably exploited one or a combination of CVE-2021-30116, CVE-2021-30119, and CVE-2021-30120.
NAME:WRECK vulnerabilities expose over 100 million devices
JSOF and Forescout cybersecurity experts: They are 9 flows affecting DNS clients of 4 TCP/IP stacks and causing DoS or RCE.
Cybercrime, Microsoft released “One-Click Mitigation Tool” on Exchange Servers vulnerabilities
The cybersecurity experts: Customers will automatically mitigate CVE-2021-26855 on any server on which it is deployed. However, it’s not a replacement for the patch.
Cybercrime, the EBA hacked thanks to the Microsoft Exchange Server vulnerability
The EU Agency: The attack was limited and that the confidentiality of the systems and data has not been compromised.
Cyber Espionage, Microsoft released mitigation measures for Exchange server
However, the company warns: Are not a remediation, nor are they full protection against attack. The APTs threat is still active.
Cybersecurity, Update Microsoft Exchange Now!
Many state sponsored APTs are exploiting the 4 vulnerabilities, despite Microsoft patched them, to attack servers in USA, Europe, Asia and Middle East.
Cybersecurity, Microsoft patches the last 0-day Exchange Server vulnerabilities
They have been used by the China state-sponsored APT Hafnium for cyber espionage purpose against US. Update the systems now!