Chromium-Based Vulnerabilities

Priority: High
Summary: A security researcher known as ‘frust’ has recently published a zero-day PoC (proof-of-concept) exploit on Twitter for a remote code execution vulnerability in Chromium-based browsers. This follows two other Chromium-based vulnerabilities which were released on 14th April 2021. [2] The recent vulnerability allows an attacker to open the […]

Critical Remote Code Execution Vulnerability In vSphere Client

Priority: Critical
Summary: VMware published a security advisory on Tuesday, 23rd February describing three vulnerabilities affecting their vCenter Server, ESXi and Cloud Foundation products (VMSA-2021-0002). Of the three vulnerabilities, CVE-2021-21972 is the most critical with a CVSSv3 score of 9.8 out of 10. This is an unauthenticated remote code execution (RCE) vulnerability found in the HTML5 […]

ZeroLogon Windows Active Directory Privileged Escalation Exploit

Priority: Critical
Executive Summary: Researchers at Secura have recently created and published a proof-of-concept (PoC) exploit which can allow access to an organisation’s critical server, the Active Directory domain controller [1]. The researchers have named the PoC ‘Zerologon’. The vulnerability (CVE-2020-1472) carries a critical severity rating from Microsoft [2]. A successful exploit requires an attacker […]