Microsoft SPNEGO NEGOEX Vulnerability
Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX (CVE-2022-37958) to a designation of “Critical” (maximum severity for their products): CVSS score 8.1. The CVE had previously been given a designation of “Important”: CVSS score of 7.5, but recent analysis of the patch identified that the vulnerability allowed remote code execution in a similar manner to […]
Major SAP Vulnerability
Priority: High – CVSS 10 Executive Summary: German enterprise software maker SAP and the US Cybersecurity and Infrastructure Security Agency issued security advisories on Tuesday 8th February to warn SAP customers to install the company’s February security patches as soon as possible in order to prevent the exploitation of a major vulnerability in a ubiquitous SAP component. Tracked as CVE-2022-22536, the vulnerability […]
UPDATE: Log4Shell –CVE-2021-44228 –Apache Log4j Vulnerability (15.12.21)
Priority: Critical Executive Summary: ITC Secure is continuing to monitor for any alerts that could indicate an incident related to the recent Log4j vulnerability. As a further update to our activities related to the Log4J vulnerability ITC continue to research and review available IOCs carrying out regular threat hunting to find any signs of compromise […]
UPDATE: Log4Shell –CVE-2021-44228 –Apache Log4j Vulnerability
Priority: Critical Executive Summary: ITC Secure is continuing to monitor for any alerts that could indicate an incident related to the recent Log4J vulnerability. ITC have carried out threat hunting across the available log sources we ingest into Sentinel for signs of initial compromise and reviewed endpoint activity for suspicious process executions which would be […]
Log4Shell –CVE-2021-44228 –Apache Log4j Vulnerability
Priority: Critical Executive Summary: Tracked as CVE-2021-44228. A new remote code execution vulnerability in Apache Log4j2, a Java based logging tool enables threat actors to take full control of servers without authentication. Publicly disclosed on 9thDecember 2021, the vulnerability is believed to being actively exploited in the wild. The flaw was dubbed “Log4Shell” by LunaSecwho […]
MICROSOFT WINDOWS – OCTOBER 2021 ZERO-DAY VULNERABILITIES
Priority: High Executive Summary: Microsoft has issued security updates to fix a total of 74 vulnerabilities including four zero-days in its October Patch Tuesday release including a Win32k Elevation of Privilege vulnerability that has been actively exploited in the wild. Out of these 74 vulnerabilities, three are classified as Critical, 70 as Important, and one […]
MICROSOFT MSHTML ZERO-DAY VULNERABILITY
Priority: Critical Executive Summary: Microsoft has reported a zero-day vulnerability in MSHTML affecting Microsoft Windows, targeting users to download a malicious Microsoft Office document. A proof-of-concept has been released to the public with Microsoft advising administrators to enforce a workaround until an official Microsoft patch is released. This is being tracked as CVE-2021-40444. The vulnerability […]