Background On Tuesday, February 8, 2022, SAP patched a critical memory corruption vulnerability (CVE-2022-22536) in the SAP Internet Communication Manager (ICM) component that could lead
Background On Monday, January 31, 2022, Samba released an advisory for remote code execution vulnerability CVE-2021-44142. All versions of Samba prior to 4.13.17 are vulnerable
Background On Monday, January 31, 2022, Samba released an advisory for remote code execution vulnerability CVE-2021-44142. All versions of Samba prior to 4.13.17 are vulnerable
December 20 Update: Arctic Wolf Provides Video Walkthrough of Log4Shell Deep Scan Tool In this short six-minute video, Arctic Wolf provides an update on the
After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, today we are making “Log4Shell Deep Scan” publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within
Background On Thursday, December 2, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigations (FBI) reported a new campaign targeting ManageEngine
Background On Friday, December 3, 2021, ManageEngine released a patch advisory for CVE-2021-44515, an authentication bypass vulnerability affecting Desktop Central Enterprise and MSP versions. Desktop
Background On Tuesday, November 9, 2021, Microsoft released patches for two actively exploited vulnerabilities, CVE-2021-42321 in Microsoft Exchange, and CVE-2021-42292 in Microsoft Excel. CVE ID
Background Security researchers have observed a significant shift in tactics from the Magnitude Exploit Kit (EK) this week with the addition of exploits for Chromium-based
Background On Tuesday, 5 October 2021, Apache released a patch advisory for CVE-2021-41773, a path traversal, and file disclosure vulnerability affecting Apache HTTP Server version
On Tuesday, 21 September 2021, VMware released a patch advisory for a new remote code execution (RCE) vulnerability in VMware vCenter Server tracked as CVE-2021-22005.
Background On September 14, 2021, Microsoft released a patch advisory for CVE-2021-38647, a remote code execution (RCE) vulnerability affecting Open Management Infrastructure (OMI), an open-source
On 7 September 2021, some threat-intel researchers were made aware of a new threat against Windows operating systems and Microsoft Office products. With the identifier
Background On August 25, 2021, Atlassian published an advisory for a vulnerability in its Confluence server titled “CVE-2021-26084: Atlassian Confluence OGNL Injection” CVE ID CVSS
Background On 30 August 2021, Trend Micro’s Zero Day Initiative (ZDI) published a technical blog on CVE-2021-33766, a new vulnerability in Exchange also known as
Background Microsoft has been dealing with a series of vulnerabilities in the Windows Print Spooler, a service that provides printer functionality on domain controllers —
Background On Tuesday, August 10, 2021, as part of the Microsoft Patch Tuesday release, security updates were made available to address the publicly documented exploit
Background Security researchers at Microsoft and Palo Alto Networks are reporting a new campaign targeting ManageEngine ADSelfService Plus servers that are vulnerable to CVE-2021-40539. Microsoft
The window to patch your critical systems is shrinking. The White House says that the Microsoft Exchange Server vulnerability has moved the time to patch from days to just hours to reduce
Background On 20 April 2021 Ivanti, the parent company of Pulse Secure, released Pulse Connect Secure version 9.1R11.4 to address the zero-day vulnerability CVE-2021-22893, among
On Tuesday, 13 April, Microsoft released security updates for four new critical remote code execution (RCE) vulnerabilities in on-premises Microsoft Exchange as part of its
Executive Summary On Wednesday, 10 March, F5 released security updates for its BIG-IP & BIG-IQ product lines that addressed several vulnerabilities, including one unauthenticated remote
Executive Summary On Wednesday, March 10, F5 released security updates for its BIG-IP & BIG-IQ product lines that addressed several vulnerabilities, including one unauthenticated remote
Executive Summary On Tuesday, 2 March, Microsoft released an out-of-band patch to address multiple remote code execution (RCE) vulnerabilities in Microsoft Exchange. Four of these
Executive Summary On Tuesday, February 23, VMware released an advisory and patch for a new remote code execution (RCE) vulnerability in VMware vCenter Server tracked
Executive Summary On Tuesday, 23 February, VMware released an advisory and patch for a new remote code execution (RCE) vulnerability in VMware vCenter Server tracked
Executive Summary On Friday, January 22, SonicWall publicly disclosed a coordinated attack on its internal systems that it believes involved zero-day vulnerabilities in a number
Executive Summary On Wednesday, 3 February researchers at security firm TrustWave released a blog post detailing a new remote code execution (RCE) vulnerability in the
