Dell has addressed vulnerabilities in its BIOS driver software used across its desktop and laptop PCs, notebooks, and tablet products. The vulnerable driver, dbutil_2_3.sys, is used in firmware update utility packages, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags to update drivers, BIOS, and firmware for Dell products. continue reading : Dell Driver Vulnerabilities (CVE-2021-21551)

A collection of critical vulnerabilities was found in Exim mail server that consisted of twenty-one flaws that can be exploited locally and remotely. some of which when chained together, could allow attackers to execute arbitrary code, modify email settings and configuration, create new accounts, even gain root privilege on affected mail servers with default or continue reading : 21Nails, A Collection of Exim Vulnerabilities

Apple has released a security update affecting its iOS, iPadOS, macOS, tvOS and watchOS products. The update addressed three zero-day vulnerabilities found in WebKit, a browser engine used by Safari and other third-party web browsers in iOS, that are reported to be exploited in the wild. In addition, another zero-day vulnerability was addressed on an continue reading : Apple Zero-day Vulnerabilities (CVE-2021-30661, CVE-2021-30663, CVE-2021-30665, and CVE-2021-30666)

SonicWall has released an update for their hosted and on-premises email security products. The update addresses three zero-day vulnerabilities that are being actively exploited in the wild. Exploiting the flaws could allow attackers to gain administrative access to the vulnerable devices, access files and emails, install backdoor malwares, and move laterally to the victim organization’s continue reading : SonicWall Zero-Day Vulnerabilities (CVE-2021-20021, CVE-2021-20022, CVE-2021-20023)

Pulse Secure has published a security advisory with regards to threat actors exploiting Pulse Connect Secure (PCS) SSL VPN appliance with a newly discovered zero-day flaw that can allow attackers to perform remote arbitrary file execution on the Pulse Connect Secure gateway, together with previously patched vulnerabilities addressed back in 2019 and 2020. According to continue reading : Pulse Secure VPN Zero-day (CVE-2021-22893)

Early in the second week of April, CERT-PH discovered that there are reports from different Facebook users regarding random tags from people with whom they are not connected as ‘friends’ in the said social media platform. These tagged posts are believed to be a malicious link that may lead into different attacks that may affect continue reading : Facebook Rampant Tagging

Codecov has disclosed and acknowledged that it suffered a data breach that can potentially be chained to launch attacks on their customers. Codecov is a company that sells and provides solutions that integrate tools for developers to gain actionable visibility into their source code, also known as Code Coverage. This helps developers in measuring how continue reading : Codecov’s Bash Uploader Development Tool Compromised

Microsoft has released its monthly security update for the month of April addressing a collection of vulnerabilities, including five (5) zero-day flaws and four (4) additional Microsoft Exchange vulnerabilities. Minimal information is given for the zero-day vulnerabilities, but successful exploitations could allow threat actors an elevation of privilege, denial of service (DoS) attacks, and information continue reading : Microsoft April 2021 Security Update

APKPure, one of the largest and popular alternative app stores that contains third-party games and software catalogs for the Android OS, was discovered to be infected with malware which allows malicious threat actors to distribute Trojans and malwares to Android devices. APKPure version 3.17.18 was discovered to have been tampered and tweaked in attempts to continue reading : Compromised APKPure Client to Deliver Malware