SUBJECTMultiple Vulnerabilities in ArubaNetworks ArubaOS and SD-WAN Could Allow for Arbitrary Code Execution DESCRIPTIONMultiple vulnerabilities have been discovered in ArubaNetwork’s ArubaOS and SD-WAN, which could result in arbitrary code execution. Aruba (a Hewlett Packard Enterprise company) is the worldwide second-largest enterprise WLAN vendor after Cisco. ArubaOS is its WLAN controller system for automating WLAN management, and SD-WAN (software defined WAN) is its cloud-oriented WAN orchestration...
Read More
TroubleGrabber, a new credential stealer discovered by Netskope securityresearchers, spreads via Discord attachments and uses Discord webhooksto deliver stolen information to its operators.Several threat actors usethe new info stealer to target gamers on Discord servers and to stealtheir passwords and other sensitive information. This malware, which primarily arrives via drive-by download, steals theweb browser tokens, Discord webhook tokens, web browser passwords, andsystem information. This information...
Read More
The Department of Homeland Security Cybersecurity and InfrastructureSecurity Agency (CISA) issued an Emergency Directive on December 13,2020 in response to the compromise of the SolarWinds Orion product forall federal civilian agencies. The directive calls for all organizationsto assess their exposure to the compromise and secure their networksagainst exploitation. The following SolarWinds Orion versions are affected: Orion Platform 2019.4 HF5, version 2019.4.5200.9083Orion Platform 2020.2 RC1, version 2020.2.100.12219Orion Platform 2020.2...
Read More
DESCRIPTIONMultiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process....
Read More
DESCRIPTIONA vulnerability has been discovered in Apache Struts, which could allow for remote code execution. Apache Struts is an open source framework used for building Java web applications. Successful exploitation of this vulnerability could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view; change, or delete data; or create new accounts with full user...
Read More
