Two Active Directory bugs with vulnerability-chaining capabilities allow attackers to impersonate regular domain users to gain privileges and get access in unpatched Microsoft Windows Active Directory.
While all vulnerabilities listed by CISA are critical and should be prioritized for patching, five vendors stand out from the rest with the most number of CVEs associated with their products.
Thousands of Azure users and millions of endpoints are impacted by ‘OMIGOD’ zero-days,” was the initial outburst when the open-source vulnerabilities were disclosed. Many Azure customers are unwittingly putting themselves in danger.
The FBI, CISA, and the Cyber Guard (CGCYBERs) warned of a serious vulnerability (CVE-2021-40539) in a single Zoho Signup and Password Management Solution that State Advanced Persistent Threat (APT) actors are actively scanning the internet for vulnerable servers.
The LockFile ransomware group has been actively exploiting the Microsoft Exchange ProxyShell vulnerabilities. Read our analysis to understand how you can protect yourself from a potential ransomware attack.
CSW Pentester’s have released a script to detect the Windows Print Spooler Remote Code Execution Vulnerability. Running the script can help organizations detect connected devices that could be vulnerable to exploits.