Commonly Exploited Vulnerabilities
Priority: High Executive Summary: In a series of coordinated cyber attacks beginning on the 14th January 2022, orchestrated by Russian state-sponsored actors, more than 70 Ukrainian government websites have been defaced or rendered inaccessible. Russian threat actors have used spear-phishing, brute-force and exploited known vulnerabilities to gain access to target networks by compromising third-party […]
CVE-2021 20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED)
Priority: High Executive Summary: SonicWall has verified and patched vulnerabilities of critical and medium severity (CVSS 5.3-9.8) in SMA 100 series appliances, which include SMA 200, 210, 400, 410 and 500v products. SMA 100 series appliances with WAF enabled are also impacted by the majority of these vulnerabilities. A critical severity vulnerability (CVSS 9.8) in […]
UPDATE: Log4Shell –CVE-2021-44228 –Apache Log4j Vulnerability (15.12.21)
Priority: Critical Executive Summary: ITC Secure is continuing to monitor for any alerts that could indicate an incident related to the recent Log4j vulnerability. As a further update to our activities related to the Log4J vulnerability ITC continue to research and review available IOCs carrying out regular threat hunting to find any signs of compromise […]
UPDATE: Log4Shell –CVE-2021-44228 –Apache Log4j Vulnerability
Priority: Critical Executive Summary: ITC Secure is continuing to monitor for any alerts that could indicate an incident related to the recent Log4J vulnerability. ITC have carried out threat hunting across the available log sources we ingest into Sentinel for signs of initial compromise and reviewed endpoint activity for suspicious process executions which would be […]
Log4Shell –CVE-2021-44228 –Apache Log4j Vulnerability
Priority: Critical Executive Summary: Tracked as CVE-2021-44228. A new remote code execution vulnerability in Apache Log4j2, a Java based logging tool enables threat actors to take full control of servers without authentication. Publicly disclosed on 9thDecember 2021, the vulnerability is believed to being actively exploited in the wild. The flaw was dubbed “Log4Shell” by LunaSecwho […]
MICROSOFT WINDOWS – OCTOBER 2021 ZERO-DAY VULNERABILITIES
Priority: High Executive Summary: Microsoft has issued security updates to fix a total of 74 vulnerabilities including four zero-days in its October Patch Tuesday release including a Win32k Elevation of Privilege vulnerability that has been actively exploited in the wild. Out of these 74 vulnerabilities, three are classified as Critical, 70 as Important, and one […]
FORCEDENTRY ZERO-DAY VULNERABILITY
Priority: Critical Executive Summary: Citizen Lab has discovered a zero-day zero click exploit against Apple’s iMessage. The exploit tracked as ForcedEntry, CVE-2021-30860 was identified by Citizen Lab and immediately reported to Apple who released a fix to patch all OS, iOS and watchOS devices. Citizen Lab claims that a Saudi activist was infected with the […]