Vulnerabilities & Exploits

Securezoo Cybersecurity Threat Center blog posts of new vulnerabilities and exploits.

CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include Sudo, SMBv1 vulnerabilities)

The Cybersecurity and Infrastructure Security Agency (CISA) has added 3 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Sudo, SMBv1 and Microsoft HTTP Protocol Stack vulnerabilities.

CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include Sudo, SMBv1 vulnerabilities) Read More »

Google releases Chrome 100 security update (100.0.4896.75) with fix for 1 High risk vulnerability

Google has released Chrome 100.0.4896.75 for Windows, Mac and Linux with fixes for just one High risk vulnerability. In addition, Google also issued security updates for Chrome for iOS, Chrome for Android and LTS-96.

Google releases Chrome 100 security update (100.0.4896.75) with fix for 1 High risk vulnerability Read More »

log in, to register, window-3938430.jpg

GitLab issues security update for Critical hard-coded password vulnerability (CVE-2022-1162)

GitLab has issued a security update to address a Critical vulnerability CVE-2022-1162 where static passwords were inadvertently set during OmniAuth-based registration.

GitLab issues security update for Critical hard-coded password vulnerability (CVE-2022-1162) Read More »

security, alarm, monitor-5043368.jpg

Deep Panda APT group launches new attacks against Log4Shell vulnerability to install Fire Chili rootkits

In the past month, researchers from FortiLabs have detected a new cyber campaign involving Chinese Advanced Persistent Threat (APT) group Deep Panda that has exploited the Log4Shell (log4j) vulnerability CVE-2021-44228 on vulnerable VMware Horizon servers to install digitally signed Fire Chili rootkits.

Deep Panda APT group launches new attacks against Log4Shell vulnerability to install Fire Chili rootkits Read More »

CISA adds 7 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include Trend Micro, Sophos, Dell, QNAP) 

The Cybersecurity and Infrastructure Security Agency (CISA) has added 7 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Recent additions include vulnerabilities affecting Trend Micro, Sophos, Windows, QNAP, Dell, and Dasan products.

CISA adds 7 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include Trend Micro, Sophos, Dell, QNAP)  Read More »

binary, code, binary code-4791836.jpg

Apple fixes zero-day vulnerabilities in iOS 15.4.1 and macOS Monterey 12.3.1 (with active exploits in the wild)

Apple has released security updates for Apple iOS 15.4.1, iPadOS 15.4.1 and macOS Monterey 12.3.1 products. Apple is aware of known exploits in the wild for a zero-day vulnerabilities CVE-2022-22675 and CVE-2022-22674.

Apple fixes zero-day vulnerabilities in iOS 15.4.1 and macOS Monterey 12.3.1 (with active exploits in the wild) Read More »

Google releases Chrome 100 security update (100.0.4896.60) with fixes for 9 High risk vulnerabilities

Google has released Chrome 100.0.4896.60 for Windows, Mac and Linux with fixes for multiple High risk vulnerabilities. In addition, Google also issued security updates for Chrome for iOS, Chrome for Android and Chrome OS.

Google releases Chrome 100 security update (100.0.4896.60) with fixes for 9 High risk vulnerabilities Read More »