Posted inSecurity
Apache HTTP Server Fixes Critical Flaws
The Apache Software Foundation has released new update to address two flaws that could be exploited by a remote attacker to take control of a vulnerable system running in its…
Posted inSecurity
AIOSEO WordPress Plugin Flaw
Two critical and high severity security vulnerabilities in "All in One" SEO WordPress plugin exposed over 3 million websites to takeover attacks. A critical Authenticated Privilege Escalation bug (CVE-2021-25036) and…
Privilege Escalation Haunts Lenovo Laptops
A privilege elevation issues in Lenovo laptops, including ThinkPad and Yoga families, are affected by that resides in the ImControllerService service allowing attackers to execute commands with admin privileges. the vulnerabilities,…
DarkWatchman RAT
A new JavaScript based RAT dubbed DarkWatchman propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection evasion methods to elude discovery…
FORCEDENTRY Exploit of NSO Group
Google's Project Zero team has published an analysis of the FORCEDENTRY exploit that was used by NSO Group to infect target iPhones with its Pegasus spyware via iMessage. Originally first…
Seedworm havocs MiddleEast Telecoms
A cyberespionage campaign targeting telecoms operators, IT services organizations, and a utility company in the Middle East and other parts of Asia has been linked to the Iran-nexus advanced APT…
IIS Module Malvertised to Steal Microsoft Exchange Credentials
Threat actors are installing a malicious IIS web server module named 'Owowa' on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely. Owowa…
Posted inSecurity
Log4J Exploit Mitigation Incomplete !
A second vulnerability involving Apache Log4j was found after experts spent days attempting to patch or mitigate CVE-2021-44228. The description of the new vulnerability, CVE 2021-45046, says the fix to…