CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day Vulnerabilities in Microsoft Exchange Server Exploited in the Wild

Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild.

Background
On March 2, Microsoft published out-of-band advisories to address four zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild.

CVE             Vulnerability Type                   CVSSv3
CVE-2021-26855  Server-Side Request Forgery (SSRF)   9.1
CVE-2021-26857  Insecure …

CVE-2021-21972: VMware vCenter Server Remote Code Execution Vulnerability

Proof-of-concept exploit scripts for a critical remote code execution flaw, along with mass scanning activity, indicate that organizations should apply vCenter Server patches immediately.

Background
On February 23, VMware released a security advisory (VMSA-2021-0002) to address two vulnerabilities in vCenter Server, a centralized management software for VMware vSphere systems, as well as a …

Accellion Patches Four Vulnerabilities in File Transfer Appliance (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104)

Accellion recently released patches addressing four vulnerabilities in its File Transfer Appliance, a tool linked to a growing list of data breaches since December.

Background
On January 12, Accellion, a private cloud solutions company, published a statement regarding a security incident involving one of its customers. The statement revealed the presence of a “P0 (priority zero) vulnerability” in …

NUMBER:JACK: Nine Vulnerabilities Across 11 Open Source TCP/IP Stacks

Nine new vulnerabilities have been identified across several TCP/IP stacks embedded in millions of OT, IoT and IT devices, spurring continued scrutiny of these already vulnerable asset types.

Background
On February 10, researchers at Forescout published a report called NUMBER:JACK, which details nine vulnerabilities discovered across 11 open source TCP/IP stacks. The prevalence of these stacks …

CVE-2020-1472: Microsoft Finalizes Patch for Zerologon to Enable Enforcement Mode by Default

Zerologon has quickly become valuable to nation-state threat actors and ransomware gangs, making it imperative for organizations to apply these patches immediately if they have not yet done so.

Background
On February 9, as part of its February 2021 Patch Tuesday release, Microsoft released an additional patch for Zerologon to enable a security setting by default to protect vulnerable …
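The setting the February 2021 update turns on is Netlogon enforcement mode. The following PowerShell is an added example, not code from the original post or from Microsoft: run on a domain controller, it reports whether enforcement has been explicitly overridden through the FullSecureChannelProtection registry value and summarizes the Netlogon event IDs (5827 to 5831, as documented in Microsoft KB4557222) that reveal devices still attempting vulnerable secure channel connections. It assumes the DC already has the February 2021 or later cumulative update installed; the seven-day lookback window is an arbitrary choice.

```powershell
# Added example (not from the original post): check a domain controller's
# Zerologon enforcement state and list recent vulnerable Netlogon connection events.
# Assumes the DC has the February 2021 (or later) cumulative update installed.
# Registry value and event IDs are those documented in Microsoft KB4557222.

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$value = (Get-ItemProperty -Path $key -Name 'FullSecureChannelProtection' -ErrorAction SilentlyContinue).FullSecureChannelProtection

switch ($value) {
    1       { 'Enforcement mode explicitly ON: vulnerable Netlogon secure channel connections are denied.' }
    0       { 'Enforcement mode explicitly OFF (value 0): the DC is NOT protected. Delete the value or set it to 1.' }
    default { 'Value not set: with the February 2021 update installed, enforcement mode is ON by default.' }
}

# Netlogon event IDs written to the System log by an updated DC:
#   5827 / 5828  vulnerable connection DENIED (machine account / trust account)
#   5829         vulnerable connection ALLOWED (only logged before enforcement mode)
#   5830 / 5831  vulnerable connection ALLOWED because the account is listed in the
#                "Domain controller: Allow vulnerable Netlogon secure channel connections" policy
$since = (Get-Date).AddDays(-7)   # arbitrary lookback window chosen for this example
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = 5827, 5828, 5829, 5830, 5831
        StartTime    = $since
    } -ErrorAction SilentlyContinue |
    Group-Object Id |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count |
    Format-Table -AutoSize
```

Any 5830/5831 events mean an exception policy is still allowing vulnerable connections for specific accounts; those devices should be updated or replaced and removed from the policy, since the exception reopens the exact path Zerologon abuses.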

CVE-2021-21148: Google Chrome Heap Buffer Overflow Vulnerability Exploited in the Wild

Following reports of in-the-wild exploitation, Google released a patch for the third browser-based zero-day vulnerability of 2021.

Background
On February 4, Google published a stable channel update for Chrome for Desktop. This release contained a single security fix to address a critical zero-day vulnerability that had been exploited in the wild.

Analysis
CVE-2021-21148 is a heap buffer overflow …

CVE-2021-20016: Zero-Day Vulnerability in SonicWall Secure Mobile Access (SMA) Exploited in the Wild

SonicWall releases a patch after researchers confirm exploitation of a zero-day vulnerability in SonicWall Secure Mobile Access.

Background
On January 22, SonicWall published a product notification regarding a “coordinated attack on its internal systems” conducted by “highly sophisticated threat actors.” SonicWall believed the attackers had exploited “probable zero-day vulnerabilities” in specific …

CVE-2020-6207: Proof of Concept Available for Missing Authentication Vulnerability in SAP Solution Manager

A researcher has published a proof-of-concept exploit script for a critical SAP vulnerability patched in March 2020, and attackers have begun probing for vulnerable SAP systems.

Background
On January 14, a proof-of-concept (PoC) exploit script for a critical vulnerability in the SAP Solution Manager, a centralized management solution for SAP and non-SAP systems, was published on GitHub. The …

Oracle January 2021 Critical Patch Update Includes Fixes for Five Critical WebLogic Flaws (CVE-2021-2109)

Oracle’s first Critical Patch Update of 2021 addressed 329 security updates across 25 product families, including five new critical flaws in Oracle WebLogic Server.

Background
On January 19, Oracle released the Critical Patch Update (CPU) for January 2021, its first quarterly release for the year. This quarterly update contains fixes for 202 CVEs in 329 security updates across 25 Oracle product …

Solorigate: SolarWinds Orion Platform Contained a Backdoor Since March 2020 (SUNBURST)

Nation-state threat actors breached the supply chain of a popular IT management software provider in order to infiltrate government agencies and private companies.

Background
On December 13, several news outlets, including Reuters, The Washington Post and The Wall Street Journal, reported that multiple U.S. government agencies were the victims of a significant breach reportedly linked to hackers …