SonicWall SMA 100 zero-day exploit actively used in the wild

Posted by & filed under Ειδοποιήσεις.

A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by cybersecurity firm NCC Group. On January 22nd, SonicWall disclosed that they suffered an attack on their internal systems using a “probable” zero-day vulnerability in specific SonicWall networking devices. While SonicWall investigates the vulnerability and has not provided many details, they… Read more »

Microsoft January 2021 Patch Tuesday fixes 83 flaws, 1 zero-day

Posted by & filed under Ειδοποιήσεις.

With the January 2021 Patch Tuesday security updates release, Microsoft has released fixes for 83 vulnerabilities, with ten classified as Critical and 73 as Important. There is also one zero-day and one previously disclosed vulnerabilities fixed as part of the January 2021 updates. For information about the non-security Windows updates, you can read about today’s Windows 10 KB4598229… Read more »

VMware fixes zero-day vulnerability reported by the NSA

Posted by & filed under Ειδοποιήσεις.

VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The vulnerability is a command injection bug tracked as CVE-2020-4006 and publicly disclosed two weeks ago. While it did not issue any security updates at the time it disclosed the zero-day, VMware provided a workaround to help… Read more »

VMware discloses critical zero-day vulnerability in Workspace One

Posted by & filed under Ειδοποιήσεις.

VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges. Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor. In some cases, zero-days are also actively exploited in the wild… Read more »

Cisco discloses AnyConnect VPN Zero-Day – Exploit code available!

Posted by & filed under Ειδοποιήσεις.

Cisco has disclosed today a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software with proof-of-concept exploit code publicly available. While security updates are not yet available for this arbitrary code execution vulnerability, Cisco is working on addressing the zero-day, with a fix coming in a future AnyConnect client release. However, the Cisco AnyConnect Secure Mobility Client security flaw has… Read more »