UPDATE: Log4Shell – CVE-2021-44228 – Apache Log4j Vulnerability

Priority: Critical
Executive Summary: ITC Secure is continuing to monitor for any alerts that could indicate an incident related to the recent Log4j vulnerability. ITC has carried out threat hunting across the available log sources we ingest into Sentinel for signs of initial compromise, and has reviewed endpoint activity for suspicious process executions which would be […]

Log4Shell – CVE-2021-44228 – Apache Log4j Vulnerability

Priority: Critical
Executive Summary: Tracked as CVE-2021-44228, a new remote code execution vulnerability in Apache Log4j2, a Java-based logging library, enables threat actors to take full control of servers without authentication. Publicly disclosed on 9th December 2021, the vulnerability is believed to be actively exploited in the wild. The flaw was dubbed “Log4Shell” by LunaSec, who […]

MICROSOFT WINDOWS – OCTOBER 2021 ZERO-DAY VULNERABILITIES

Priority: High
Executive Summary: Microsoft has issued security updates to fix a total of 74 vulnerabilities, including four zero-days, in its October Patch Tuesday release, among them a Win32k Elevation of Privilege vulnerability that has been actively exploited in the wild. Of these 74 vulnerabilities, three are classified as Critical, 70 as Important, and one […]

FORCEDENTRY ZERO-DAY VULNERABILITY

Priority: Critical
Executive Summary: Citizen Lab has discovered a zero-day, zero-click exploit against Apple’s iMessage. The exploit, tracked as ForcedEntry (CVE-2021-30860), was identified by Citizen Lab and immediately reported to Apple, who released a fix to patch all OS, iOS and watchOS devices. Citizen Lab claims that a Saudi activist was infected with the […]

MICROSOFT MSHTML ZERO-DAY VULNERABILITY

Priority: Critical
Executive Summary: Microsoft has reported a zero-day vulnerability in MSHTML affecting Microsoft Windows, exploited by tricking users into downloading a malicious Microsoft Office document. A proof-of-concept has been released to the public, and Microsoft is advising administrators to apply a workaround until an official Microsoft patch is released. This is being tracked as CVE-2021-40444. The vulnerability […]

KASEYA REVIL RANSOMWARE EXPLOIT

Priority: Critical
Executive Summary: The Kaseya VSA IT management and patching platform has been compromised and used by the Russia-based “ransomware-as-a-service” group REvil (aka Sodinokibi and Sodin) to distribute a malicious PowerShell script that disables Microsoft Defender on the targeted host and executes the REvil encryption tool, rendering the host inoperable. A ransom, reportedly of up […]

PRINTNIGHTMARE ZERO-DAY VULNERABILITY

Priority: Critical
Executive Summary: Security researchers have accidentally published a proof-of-concept for a zero-day called “PrintNightmare” affecting all supported Windows devices, including endpoints and servers. This vulnerability can be exploited to achieve both remote code execution and local privilege escalation. Tracked as CVE-2021-1675, the critical vulnerability affects the built-in Windows Print Spooler service. Background: Microsoft released a […]

GOOGLE CHROME ZERO-DAY TYPE CONFUSION VULNERABILITY

Priority: High
Summary: A critical vulnerability was found in Google Chrome (web browser) stemming from a type confusion issue in its open-source V8 engine, which leads to privilege escalation and impacts confidentiality, integrity and availability. Tracked as CVE-2021-30551, the vulnerability was discovered by Sergei Glazunov of Google Project Zero. The exploitation is known […]

MICROSOFT WINDOWS JUNE 2021 ZERO-DAY VULNERABILITIES

Priority: High
Summary: Kaspersky security researchers have discovered a new threat actor, dubbed PuzzleMaker, who has used a chain of Windows 10 zero-day exploits in highly targeted attacks against multiple companies worldwide. The most harmful (tracked as CVE-2021-33742) can allow malicious web pages to compromise the Windows operating system via Internet Explorer and […]

Chromium-Based Vulnerabilities

Priority: High
Summary: A security researcher known as ‘frust’ has recently published a proof-of-concept (PoC) exploit on Twitter for a zero-day remote code execution vulnerability found in Chromium-based browsers. This follows two other Chromium-based vulnerabilities which were disclosed on 14th April 2021. [2] The recent vulnerability allows an attacker to open the […]