by CIRT Team
Microsoft IOC Detection Tool for Exchange Server Vulnerabilities
Microsoft has released emergency out-of-band security updates that address four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange Server versions; the flaws are being actively exploited in the wild. The Microsoft Exchange Server team has also released a script that administrators can run to check their servers for indicators that these recently disclosed vulnerabilities have been exploited. Microsoft released the tool as open source on GitHub; it can be...
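To show what that kind of indicator-of-compromise hunt looks like in practice, here is an added example in Python; it is not Microsoft's script and is not taken from the GitHub tool. It assumes a comma-separated HttpProxy-style log with the columns named in the header (DateTime, RequestId, ClientIpAddress, AuthenticatedUser, AnonymousRequest, UrlStem), uses constructed log lines, and flags unauthenticated requests that reached backend paths where anonymous traffic is not expected. The list of sensitive path prefixes is an assumption for the example.

```python
import csv
import io

# Constructed sample in a comma-separated HttpProxy-style layout. The column
# names and every row are made up for this example; none of it comes from a
# real server. The hunt looks for requests that reached the proxy with no
# authenticated user and then hit paths anonymous clients should not reach.
SAMPLE_HTTPPROXY_LOG = """DateTime,RequestId,ClientIpAddress,AuthenticatedUser,AnonymousRequest,UrlStem
2021-03-03T08:12:01.000Z,r1,198.51.100.7,,True,/owa/auth/x.js
2021-03-03T08:12:02.000Z,r2,203.0.113.9,,True,/ecp/y.js
2021-03-03T08:13:10.000Z,r3,192.0.2.20,CORP\\alice,False,/owa/
2021-03-03T08:14:44.000Z,r4,203.0.113.9,,True,/ecp/DDI/DDIService.svc/SetObject
2021-03-03T08:15:00.000Z,r5,192.0.2.21,CORP\\bob,False,/EWS/Exchange.asmx
"""

# Path prefixes that legitimate anonymous traffic should not be hitting.
# This list is an assumption for the example, not Microsoft's list.
SENSITIVE_PREFIXES = ("/ecp/", "/owa/auth/")


def find_anonymous_backend_requests(log_text):
    """Return log rows where an unauthenticated request hit a sensitive path."""
    reader = csv.DictReader(io.StringIO(log_text))
    hits = []
    for row in reader:
        unauthenticated = (row["AuthenticatedUser"] == ""
                           and row["AnonymousRequest"] == "True")
        if unauthenticated and row["UrlStem"].startswith(SENSITIVE_PREFIXES):
            hits.append(row)
    return hits


def summarize_by_client(hits):
    """Count hits per client IP so repeat offenders stand out."""
    counts = {}
    for row in hits:
        ip = row["ClientIpAddress"]
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    suspicious = find_anonymous_backend_requests(SAMPLE_HTTPPROXY_LOG)
    for row in suspicious:
        print(row["DateTime"], row["ClientIpAddress"], row["UrlStem"])
    print(summarize_by_client(suspicious))
```

On a real server the log text would come from the files under the Exchange HttpProxy logging directory rather than the embedded string, and any hit is a starting point for a full investigation, not a verdict on its own.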
Read More
by CIRT Team
Multiple Vulnerabilities in SolarWinds Orion and ServU-FTP Could Allow for Remote Code Execution
DESCRIPTION: Multiple vulnerabilities have been discovered in SolarWinds Orion and ServU-FTP, the most severe of which could allow for remote code execution.
* SolarWinds Orion provides centralized monitoring across an organization's entire IT stack.
* ServU-FTP is a multi-protocol file server capable of sending files to and receiving files from other networked computers through various means.
Successful exploitation of the most severe of these vulnerabilities could result in remote code execution that allows...
Read More
by CIRT Team
A Vulnerability in SonicWall SMA 100 Series Could Allow for SQL Injection
DESCRIPTION: A vulnerability has been discovered in the SonicWall SMA 100 Series, which could allow for SQL injection. The SonicWall SMA 100 Series is a unified secure access gateway that enables organizations to provide access to any application, anytime, from anywhere and from any device, managed or unmanaged. Successful exploitation of this vulnerability could result in SQL injection, which enables the retrieval of admin credentials. Afterwards, this retrieval can pivot into a remote-code...
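The credential-retrieval outcome described above is the classic UNION-based SQL injection pattern. The following is an added Python example, not SonicWall's code and not the affected appliance's query: it uses a constructed in-memory SQLite database with made-up table names and an invented admin row, shows a lookup that splices user input into the SQL text, shows the same lookup with a bound parameter, and runs one payload through both.

```python
import sqlite3

# Constructed in-memory database standing in for an appliance's configuration
# store. The table names, the admin row and the hash value are made up for
# this example; nothing here comes from a SonicWall product.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE admins (username TEXT, password_hash TEXT);
        INSERT INTO admins VALUES ('admin', 'sha256$constructed$5f4dcc3b5aa7');
        CREATE TABLE bookmarks (name TEXT, url TEXT);
        INSERT INTO bookmarks VALUES ('intranet', 'https://intranet.corp.example/');
    """)
    return conn


def search_bookmarks_vulnerable(conn, term):
    """User input is spliced straight into the SQL text (the bug)."""
    sql = "SELECT name, url FROM bookmarks WHERE name = '" + term + "'"
    return conn.execute(sql).fetchall()


def search_bookmarks_fixed(conn, term):
    """Same query with a bound parameter; the input can only ever be data."""
    sql = "SELECT name, url FROM bookmarks WHERE name = ?"
    return conn.execute(sql, (term,)).fetchall()


# Closes the quoted string, UNIONs the admins table into the result set and
# comments out the trailing quote. Two columns are selected so the UNION
# matches the shape of the original SELECT.
PAYLOAD = "x' UNION SELECT username, password_hash FROM admins--"


def demo():
    """Run the payload through both versions and return (leaked, safe)."""
    conn = make_db()
    leaked = search_bookmarks_vulnerable(conn, PAYLOAD)
    safe = search_bookmarks_fixed(conn, PAYLOAD)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned:", leaked)
    print("parameterised query returned:", safe)
```

The vulnerable version hands back the admin row, the parameterised version returns nothing because the whole payload is compared as a literal bookmark name; escaping or filtering quotes is not a substitute for the bound parameter.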
Read More
by CIRT Team
Hildegard Malware [cyberflorida]
I. Targeted Software
Docker, Kubernetes, Amazon Web Services (AWS), Microsoft Azure, Google Cloud
II. Introduction
A hacking group referred to as "TeamTNT" has been active within the previous eight months. In the summer of 2020, security researchers identified TeamTNT as the group behind crypto-mining malware capable of stealing local credentials and Amazon Web Services (AWS) login details.[2] TeamTNT had been targeting Docker and Kubernetes.[2]...
Read More
by CIRT Team
Multiple Vulnerabilities in Cisco VPN Routers Could Allow for Arbitrary Code Execution
DESCRIPTION: Multiple vulnerabilities have been discovered in Cisco VPN Routers, the most severe of which could allow for arbitrary code execution as the root user of an affected device. These VPN routers are often used to connect hosts to the VPN through the router hardware, as opposed to individual VPN installations on each device. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the root...
Read More
by CIRT Team
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
DESCRIPTION: Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
* tvOS is an operating system for the fourth-generation Apple TV digital media player.
* watchOS is the mobile operating system for the Apple Watch and is based on the iOS operating system.
* iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
* iOS is a...
Read More
by CIRT Team
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
DESCRIPTION: Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this...
Read More
by CIRT Team
A Vulnerability in GnuPG Libgcrypt Could Allow for Arbitrary Code Execution
DESCRIPTION: A vulnerability has been discovered in GNU Libgcrypt, which could allow for arbitrary code execution. Libgcrypt is a generic cryptographic library offered as part of the GNU Privacy Guard (GnuPG) software suite to provide building blocks for carrying out cryptographic tasks such as encrypting and signing data and communications. It is shipped with most Linux distributions, including Ubuntu and Fedora. Successful exploitation of this vulnerability could result in arbitrary code execution in...
Read More
by CIRT Team
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
DESCRIPTION: Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
* tvOS is an operating system for the fourth-generation Apple TV digital media player.
* watchOS is the mobile operating system for the Apple Watch and is based on the iOS operating system.
* iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
* iOS is a...
Read More