by CIRT Team
Multiple Vulnerabilities in Cisco Webex Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco Webex NetworkRecording Player and Cisco Webex Player that could allow for arbitrarycode execution. The Webex meeting service is a hosted multimediaconferencing solution that is managed and maintained by Cisco Webex. TheWebex Network Recording Player is an application that is used to convertWebex recording files to standard formats such as Windows Media Video,Flash or MP4. The Webex Player is...
Read More
by CIRT Team
Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox,Firefox Extended Support Release (ESR) and Mozilla Firefox for iOS, themost severe of which could allow for arbitrary code execution. MozillaFirefox is a web browser used to access the Internet. Mozilla FirefoxESR is a version of the web browser intended to be deployed in largeorganizations. Mozilla Firefox for iOS is a web browser used to accessthe Internet on...
Read More
by CIRT Team
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this...
Read More
by CIRT Team
Multiple Vulnerabilities in VMware vCenter Server Could Allow for Remote Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in VMware vCenter Server,the most severe of which could allow for remote code execution. VMwarevCenter Server is a centralized management utility for VMware, and isused to manage virtual machines, multiple ESXi hosts, and all dependentcomponents from a single centralized location. Successful exploitationof these vulnerabilities could allow an attacker to execute remote codein context of the user running the application. IMPACT:Multiple...
Read More
by CIRT Team
CVE-2021-21985: Critical VMware vCenter Server Remote Code Execution
Description: The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. Impacted Products:VMware vCenter Server (vCenter...
Read More
by CIRT Team
NOBELIUM Cyberattack : New sophisticated email-based attack
Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation. On May 25, 2021, the campaign escalated as NOBELIUM leveraged the...
Read More
by CIRT Team
A Vulnerability in Microsoft Windows JET Database Engine Could Allow for Arbitrary Code Execution
DESCRIPTION:A vulnerability has been discovered in Microsoft Windows JET DatabaseEngine that could allow for arbitrary code execution. Microsoft WindowsJET Database Engine provides data access to various applications such asMicrosoft Access, Microsoft Visual Basic, and third-party applications.Successful exploitation of this vulnerability could result in arbitrarycode execution within the context of the application, an attackergaining the same privileges as the logged-on user, or the bypassing ofsecurity restrictions....
Read More
by CIRT Team
Cybersecurity Threat Alerts – Zeppelin Ransomware
Zeppelin ransomware is also referred to as Buran and has its origin in the Vega/VegaLocker family, a Delphi-based ransomware-as-a-service (RaaS).According to researcher Vitali Kremez, Zeppelin binaries are generated via a GUI wizard by affiliates who then distribute the malware in exchange for revenue sharing. Vega samples were first discovered in the beginning of 2019, being distributed alongside other widespread financial malware as part of a...
Read More
by CIRT Team
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe Products, themost severe of which could allow for arbitrary code execution. * Acrobat and Reader is a family of application software and Webservices mainly used to create, view, and edit PDF documents.* Animate is a multimedia authoring computer animation program.* Experience Manager is a content management solution for buildingwebsites, mobile apps, and forms.* InCopy is a professional word...
Read More
by CIRT Team
Wi-Fi Enabled Devices Could Allow for Data Exfiltration
DESCRIPTION:Multiple vulnerabilities have been discovered in Wi-Fi enabled devices,the most severe of which could allow for data exfiltration. IEEE 802.11is part of the IEEE 802 set of local area network technical standards,and specifies the set of medium access control and physical layerprotocols for implementing wireless local area network communication.Successful exploitation of the most severe of these vulnerabilitiescould allow an attacker to exfiltrate user data. IMPACT:*...
Read More