Follina – A Microsoft Office Code Execution Vulnerability

Security researchers from different organizations have observed a Zero-Day novel vulnerability on Microsoft Office that may allow loading malware from remote servers without detection in a multi-stage attack.  Kevin Beaumont, a security researcher, has named it “Follina” because the retrieved sample infected Word file included the area code of Follina on its filename. Nao Sec continue reading : Follina – A Microsoft Office Code Execution Vulnerability

VMware Critical Vulnerabilities (CVE-2022-22972 and CVE-2022-22973)

VMware has released a critical security advisory (VMSA-2022-0014) for the security vulnerabilities found in multiple VMware products. ______________________________ A. Nature of Vulnerability CVE-2022-22972 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity continue reading : VMware Critical Vulnerabilities (CVE-2022-22972 and CVE-2022-22973)

F5 BIG-IP products vulnerability (CVE-2022-1388)

______________________________ A. Nature of Vulnerability CVE-2022-1388 CVE-2022-1388 allows unauthenticated attackers with network access to the BIG-IP system to run arbitrary code and gain control via the management port or self-IP addresses. ______________________________ B. List of Affected Versions and Fixed Versions BIG-IP (all modules) Affected Versions Fixed Version 16.1.0 – 16.1.2 16.1.2.2 15.1.0 – 15.1.5 15.1.5.1 continue reading : F5 BIG-IP products vulnerability (CVE-2022-1388)

Oracle Critical Patch Update Advisory – April 2022

______________________________ A. Actions to be Taken Review and apply the necessary patch/es provided by Oracle. Proactively monitor and secure identified systems and devices for any suspicious/malicious activities. In addition, providing and capacitating employees with cybersecurity knowledge and information to minimize the attack surface. For additional information, kindly refer to the official advisories: https://www.oracle.com/security-alerts/cpuapr2022.html?fbclid=IwAR0ipvSnyD10MZWYeEDgCyWWDa2FpaLDxGc25qO6YWnN8FQ2VAIVULLZMoU ______________________________ B. continue reading : Oracle Critical Patch Update Advisory – April 2022

Lenovo Notebook BIOS Vulnerabilities (CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972)

Lenovo has addressed 3 high-impact security vulnerabilities tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972 that affect Lenovo consumer laptops in its Unified Extensible Firmware Interface (UEFI). This came after ESET security researchers responsibly reported the vulnerabilities to Lenovo in October last year. According to the detailed technical analysis published by ESET, two of the vulnerabilities (CVE-2021-3971 continue reading : Lenovo Notebook BIOS Vulnerabilities (CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972)