Apple has released a security update affecting its iOS, iPadOS, macOS, tvOS and watchOS products. The update addressed three zero-day vulnerabilities found in WebKit, a browser engine used by Safari and other third-party web browsers in iOS, that are reported to be exploited in the wild. In addition, another zero-day vulnerability was addressed on an continue reading : Apple Zero-day Vulnerabilities (CVE-2021-30661, CVE-2021-30663, CVE-2021-30665, and CVE-2021-30666)

SonicWall has released an update for their hosted and on-premises email security products. The update addresses three zero-day vulnerabilities that are being actively exploited in the wild. Exploiting the flaws could allow attackers to gain administrative access to the vulnerable devices, access files and emails, install backdoor malwares, and move laterally to the victim organization’s continue reading : SonicWall Zero-Day Vulnerabilities (CVE-2021-20021, CVE-2021-20022, CVE-2021-20023)

Pulse Secure has published a security advisory with regards to threat actors exploiting Pulse Connect Secure (PCS) SSL VPN appliance with a newly discovered zero-day flaw that can allow attackers to perform remote arbitrary file execution on the Pulse Connect Secure gateway, together with previously patched vulnerabilities addressed back in 2019 and 2020. According to continue reading : Pulse Secure VPN Zero-day (CVE-2021-22893)

Early in the second week of April, CERT-PH discovered that there are reports from different Facebook users regarding random tags from people with whom they are not connected as ‘friends’ in the said social media platform. These tagged posts are believed to be a malicious link that may lead into different attacks that may affect continue reading : Facebook Rampant Tagging