New Sudo flaw used to root on any standard Linux installation
Vulnerability tracked as CVE-2021-3156 in Sudo, could allow unprivileged local users to gain root privileges on a vulnerable host
Vulnerabilities
Turla Crutch backdoor: analysis and recommendations
Crutch is a newly discovered backdoor from Turla advanced persistent threat (APT), a Russian-linked threat actor, used in a recent cyberattack against an country’s...
Volodya/BuggiCorp Windows exploit developer: What you need to know
Check Point researchers unveiled the identity of two authors responsible for zero-day attacks on Windows using a novel technique that allows them to recognize...
AWS APIs abuse: Watch out for these vulnerable APIs
In December 2020, Unit 42 researchers at Palo Alto Networks discovered a class of AWS application programming interfaces (APIs) that can be abused to enumerate...
How to reserve a CVE: From vulnerability discovery to disclosure
A CVE, meaning Common Vulnerabilities and Exposure, is a publicly reported vulnerability in software products. Vulnerabilities are assigned CVE IDs to ensure...
SonicWall firewall VPN vulnerability (CVE-2020-5135): Overview and technical walkthrough
A critical stack-based buffer overflow vulnerability was discovered in SonicWall Network Security Appliance (NSA) VPN. In this article, we will address the...
Top 25 vulnerabilities exploited by Chinese nation-state hackers (NSA advisory)
China is considered a world leader in cybercrime. It is amongst “the most hacker-active countries” in terms of intensity of outgoing attack traffic, “often...
Zerologon CVE-2020-1472: Technical overview and walkthrough
Zerologon is the name of an elevation of privilege vulnerability in which an attacker establishes a vulnerable Netlogon secure channel connection to a Domain...
Unpatched address bar spoofing vulnerability impacts major mobile browsers
A number of web browsers have been affected by an address bar spoofing vulnerability that could lead to malware infections and successful spearphishing attempts....
Software vulnerability patching best practices: Patch everything, even if vendors downplay risks
Software vulnerability continues to be a challenging cybersecurity risk. Cybercriminals are able to seize on these vulnerabilities and breach systems. The...