HackDig : Dig high-quality web security articles for hackers

VERT Threat Alert: February 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-928 on Wednesday, February 10th.In-The-Wild & Disclosed CVEsCVE-2021-1732A vulnerability in Win32k that allows for privilege escalation has been exploited in the wild. The Cybersecurity and Infra
Publish At:2021-02-09 19:50 | Read:146 | Comments:0 | Tags:VERT

Tripwire Patch Priority Index for January 2021

Tripwire’s January 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Dnsmasq and Oracle.First on the patch priority list this month are patches for Dnsmasq related to the seven so-called “DNSpooq” vulnerabilities. Dnsmasq is an open-source DNS forwarding application, and systems using this software sh
Publish At:2021-02-02 00:38 | Read:144 | Comments:0 | Tags:VERT patch priority index PPI

Tripwire Patch Priority Index for December 2020

Tripwire‘s December 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Pulse Secure, and Oracle.First on the patch priority list this month are two vulnerabilities that have recently been included within the Metasploit exploit framework. One is a vulnerability in Pulse Secure Desktop Client and the other is a vuln
Publish At:2021-01-11 02:08 | Read:278 | Comments:0 | Tags:VERT microsoft Oracle PPI

#TripwireBookClub – The Ghidra Book

It’s been a little while since we last reviewed a book, but a lot of my team has been spending time with Ghidra this year. Craig Young taught a course on the subject, and I’ve used it with my students at Fanshawe College in their Malware Analysis course. Given our fascination with Ghidra, reviewing The Ghidra Book: The Definitive Guide by Chris Eagle and Kar
Publish At:2020-12-21 03:02 | Read:370 | Comments:0 | Tags:VERT books Ghidra Review

VERT Alert: SolarWinds Supply Chain Attack

Vulnerability DescriptionThe United States Cybersecurity & Infrastructure Security Agency (CISA) has advised that an advanced persistent threat (APT) actor was able to insert sophisticated malware into officially signed and released updates to the SolarWinds network management software [1]. The attacks have been ongoing since at least March 2020 and CISA
Publish At:2020-12-18 20:26 | Read:353 | Comments:0 | Tags:Featured Articles VERT

VERT Threat Alert: December 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s December 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-918 on Wednesday, December 9th.In-The-Wild & Disclosed CVEsThere are no In-The-Wild or Disclosed CVEs patched this month.CVE Breakdown by TagWhile historical Microsoft Security Bulletin groupings
Publish At:2020-12-08 18:38 | Read:299 | Comments:0 | Tags:VERT

Tripwire Patch Priority Index for November 2020

Tripwire‘s November 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Oracle.First on the patch priority list this month are three vulnerabilities in Oracle WebLogic Server that have recently been included within the Metasploit exploit framework. Supported versions of Oracle WebLogic Server that are af
Publish At:2020-12-08 06:56 | Read:393 | Comments:0 | Tags:VERT

VERT Threat Alert: November 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-915 on Wednesday, November 11th. Note: Microsoft has changed their advisory format and no longer provides basic vulnerability descriptions.In-The-Wild & Disclosed CVEsCVE-2020-17087This CVE descr
Publish At:2020-11-10 19:49 | Read:405 | Comments:0 | Tags:VERT VERT News Vulnerability Management

Tripwire Patch Priority Index for October 2020

Tripwire‘s October 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, Adobe, and Oracle.First on the patch priority list this month is a very high priority vulnerability in Oracle WebLogic Server. The vulnerability is within the Console component of Oracle WebLogic Server, and it can be exploited without au
Publish At:2020-11-03 08:25 | Read:456 | Comments:0 | Tags:Featured Articles VERT Adobe Apple microsoft Oracle patch pr

A WebLogic Vulnerability Highlights the Path-Based Authorization Dilemma

A WebLogic server vulnerability fixed by the October CPU has come under active exploitation after a Vietnamese language blog post detailed the steps needed to bypass authentication and achieve remote code execution on unpatched systems. Although there have been a series of actively exploited WebLogic deserialization bugs, the exploit payload in this case imm
Publish At:2020-11-02 12:55 | Read:433 | Comments:0 | Tags:VERT Authentication exploits vulnerability WebLogic Vulnerab

SonicWall VPN Portal Critical Flaw (CVE-2020-5135)

Vulnerability DescriptionTripwire VERT has identified a stack-based buffer overflow in SonicWall Network Security Appliance (NSA). The flaw can be triggered by an unauthenticated HTTP request involving a custom protocol handler. The vulnerability exists within the HTTP/HTTPS service used for product management as well as SSL VPN remote access.Exposure and Im
Publish At:2020-10-14 06:00 | Read:495 | Comments:0 | Tags:VERT SonicWall Tripwire VERT

VERT Threat Alert: October 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-909 on Wednesday, October 14th.In-The-Wild & Disclosed CVEsCVE-2020-16938This CVE describes an information disclosure in the Windows kernel that could allow a local attacker to disclose informatio
Publish At:2020-10-13 21:01 | Read:697 | Comments:0 | Tags:VERT VERT News Vulnerability Management

Tripwire Patch Priority Index for September 2020

Tripwire‘s September 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, and various Linux distributions.Up first on the patch priority list this month is a very high priority vulnerability, which is called “Zerologon” and identified by CVE-2020-1472. It is an elevation of privilege vulnerability
Publish At:2020-10-05 02:49 | Read:1136 | Comments:0 | Tags:Featured Articles VERT Apple Linux microsoft patch priority

VERT Threat Alert: September 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-903 on Wednesday, September 9th.In-The-Wild & Disclosed CVEsThere were no in-the-wild or disclosed CVEs included in this month’s security guidance.CVE Breakdown by TagWhile historical Microsoft
Publish At:2020-09-08 23:35 | Read:827 | Comments:0 | Tags:Featured Articles VERT VERT News Vulnerability Management

Tripwire Patch Priority Index for August 2020

Tripwire‘s August 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Apple.Up first on the patch priority list this month are patches for Microsoft and Apple for vulnerabilities that have been integrated into various exploits. Metasploit has recently added exploits for Microsoft .NET Framework, SharePoi
Publish At:2020-09-01 01:57 | Read:1122 | Comments:0 | Tags:Featured Articles VERT Adobe Apple critical vulnerability mi

Tools

Tag Cloud

Keywords