Get in Touch
Please get in touch using the form below.
Menu
Stay tuned to vulnerabilities and advisories from around the globe.
Home / Threat Intelligence bulletins
Published: 9th August 2021
According to the security researcher, Orange Tsai, "These attack vectors enable any unauthenticated attacker to uncover plaintext passwords and even execute arbitrary code on Microsoft Exchange Servers through port 443". The following products may be vulnerable if unpatched.
Learn more
A vulnerability in the firmware of a number of common home routers has been identified being actively exploited in order to install the Mirai botnet. An unauthenticated remote attacker could bypass authentication in order to take over the device and use it to their own ends.
Published: 6th August 2021 | In: Threat Intelligence & Guidance
VMWare has released a new patch set to remediate vulnerabilities in a number of their products, while (separately) ransomware threat actors have been seen to be shifting their Tactics, Techniques and Processes in order to target Linux infrastructures and, more specifically, the VMWare ESXi host devices.
Published: 6th August 2021
The most severe of these issues is a high security vulnerability in the Media Framework component that could enable a local malicious application to bypass operating system protections that isolate application data from other applications.
Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data.
A critical vulnerability resides on the web-based management interface of the devices and allows for an attacker to execute arbitrary code and/or cause a denial of service (DoS) condition by constantly reloading the device An additional, high severity, vulnerability could be leveraged by an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of vulnerable devices.