Multiple Vulnerabilities in ArubaNetworks Instant Access Point Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in ArubaNetwork’s InstantAccess Point that could allow for arbitrary code execution. Aruba (aHewlett Packard Enterprise company) is the worldwide second-largestenterprise WLAN vendor. ArubaNetworks Instant Access Point is Wi-Fihardware which virtualizes Aruba Mobility Controller capabilities on802.11 access points (APs). Successful exploitation of thesevulnerabilities could allow an attacker to execute arbitrary code incontext of the user running the application. Depending on the...

Read More

HIGH ALERT – ACT QUICKLY: For organisations using Microsoft Exchange

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has identified extensive targeting, and has confirmed compromises, of Australian organisations with vulnerable Microsoft Exchange deployments.  The ACSC is assisting affected organisations with their incident response and remediation. The ACSC has identified a large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. The ACSC urges these...

Read More

9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware [thehackernews]

Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices. “This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect detection, completes the...

Read More

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks [thehackernews]

A new research has yielded yet another means to pilfer sensitive data by exploiting what’s the first “on-chip, cross-core” side-channel in Intel Coffee Lake and Skylake processors. Published by a group of academics from the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium coming this August. While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated...

Read More

Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices [thehackernews]

Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research. According to the update notes posted...

Read More

Microsoft IOC Detection Tool for Exchange Server Vulnerabilities

Microsoft has released emergency out-of-band security updates thataddress four zero-day issues (CVE-2021-26855, CVE-2021-26857,CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchangeversions that are actively exploited in the wild. Researchers at the MS Exchange Server team have released a script thatcould be used by administrators to check if their installs arevulnerable to the recently disclosed vulnerabilities. Microsoft released the tool as open-source on GitHub, it can be...

Read More

Multiple Vulnerabilities in SolarWinds Orion and ServU-FTP Could Allow for Remote Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in SolarWinds Orion andServU-FTP, the most severe of which could allow for remote code execution. * SolarWinds Orion provides centralized monitoring across anorganization’s entire IT stack.* ServU-FTP is a multi-protocol file server capable of sending andreceiving files from other networked computers through various means. Successful exploitation of the most severe of these vulnerabilitiescould result in remote code execution that allows...

Read More

A Vulnerability in SonicWall SMA 100 Series Could Allow for SQL Injection

DESCRIPTION:A vulnerability has been discovered in the SonicWall SMA 100 Series,which could allow for SQL injection. The SonicWall SMA 100 Series is aunified secure access gateway that enables organizations to provideaccess to any application, anytime, from anywhere and any devices,including managed and unmanaged. Successful exploitation of thisvulnerability could result in SQL injection, which enables the retrievalof admin credentials. Afterwards, this retrieval can pivot into aremote-code...

Read More

Cyber Threat Alert: New Variants of KASABLANKA LodaRAT infrastructure targeting Bangladesh

Hildegard Malware [cyberflorida]

I. Targeted Software Docker Kubernetes Amazon Web Services (AWS) Microsoft Azure Google Cloud II. Introduction A hacking group referred to as “TeamTNT” has been active within the previous 8 months. In the summer of 2020, security researches identified TeamTNT as the group behind a crypto-mining malware capable of stealing local credentials and Amazon Web Services (AWS) login details.[2] TeamTNT had been targeting Docker and Kubernetes.[2]...

Read More