DESCRIPTION:A vulnerability has been discovered in Mozilla’s Network SecurityServices (NSS), a set of cryptography libraries used to handlesignatures and certification validation. Successful exploitation of thisthe vulnerability could allow for arbitrary code execution within thecontext of the affected application, which could be either a client likeThunderbird or server like Apache webserver. Depending on the privilegesassociated with this application, an attacker could then installprograms; view, change, or...
Read More
Log4j is an open-source logging framework developed by the Apache Foundation which is incorporated into many Java-based applications on both servers and end-user systems.A series of vulnerabilities in the popular Java-based logging library Log4j is under active exploitation by multiple threat actors. The current list of vulnerabilities and recommended fixes are listed here: CVE-2021-44228 (CVSS score: 10.0- CRITICAL) – Apache Log4j2 JNDI features do not...
Read More
DESCRIPTION:Multiple vulnerabilities have been identified in Mozilla Thunderbird,the most severe of which could allow for arbitrary code execution.Mozilla Thunderbird is an email client. Successful exploitation of themost severe of these vulnerabilities could allow for arbitrary codeexecution. Depending on the privileges associated with the user, anattacker could then install programs; view, change, or delete data; orcreate new accounts with full user rights. Users whose accounts areconfigured...
Read More
DESCRIPTION:A vulnerability has been discovered in SonicWall SMA100 Series thatcould allow for arbitrary file deletion. The SonicWall SMA 100 Series isa unified secure access gateway that enables organizations to provideaccess to any application, anytime, from anywhere, and any devices,including managed and unmanaged. Successful exploitation of thisvulnerability could result in arbitrary file deletion which enables anattacker to reboot the device to factory default settings. Afterward,this could...
Read More
Description: Apache Log4j2 <=2.14.1 JNDI features used in the configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10)...
Read More
DESCRIPTION:A vulnerability has been discovered in Confluence Server and DataCenter, which could allow for arbitrary code execution. Confluence is awiki tool used to help teams collaborate and share knowledgeefficiently. Successful exploitation of this vulnerability could allowan unauthenticated user to execute arbitrary code on a Confluence Serveror Data Center instance. Depending on the privileges associated with theinstance, an attacker could view, change, or delete data. IMPACT:US...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis...
Read More
২০০৮ সালে OIC (অরগানাইজেশন অফ ইসলামিক কো-অপারেশন) এর- ৩৫তম অধিবেশনে Organisation of the Islamic Cooperation -Computer Emergency Response Team (OIC-CERT) প্রতিষ্ঠিত হয়। আজ ২৮ সেপ্টেম্বর, ২০২১ মঙ্গলবার স্বাগতিক দেশ ওমানে ‘Enhance Cyber Security Readiness’ বিষয়ে OIC-CERT -এর বাৎসরিক সাইবার ড্রিল ‘9th Arab Regional and OIC-CERT Cyber Drill 2021’ অনুষ্ঠিত হল। ৪ (চার) ঘন্টার এই ড্রিলে ২০ (বিশ) টি টীম অংশ নেয়। বাংলাদেশ, ভারত, পাকিস্তান, শ্রীলংকা,...
Read More
Apple has released security updates to address vulnerabilities—CVE-2021-30858 and CVE-2021-30860—in multiple products. An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild. CISA encourages users and administrators to review the security update pages for the following products and apply the necessary updates. macOS Big Sur 11.6...
Read More
DESCRIPTION:A vulnerability has been discovered in Confluence Server and DataCenter, which could allow for arbitrary code execution. Confluence is awiki tool used to help teams collaborate and share knowledgeefficiently. Successful exploitation of this vulnerability could allowan unauthenticated user to execute arbitrary code on a Confluence Serveror Data Center instance. Depending on the privileges associated with theinstance, an attacker could view, change, or delete data. IMPACT:A...
Read More