Cisco Jabber Multiple Vulnerabilities

Cisco has addressed several vulnerabilities impacting versions of Cisco Jabber client software for Windows, macOS, Android, and iOS, including a critical arbitrary program execution vulnerability. Cisco Jabber is a web conferencing and instant messaging app that allows users to send messages via the Extensible Messaging and Presence Protocol (XMPP). Successful exploitation could enable remote attackers …

Brute-force Attacks on QNAP’s NAS Devices

QNAP warns customers of ongoing attacks targeting QNAP NAS (network-attached storage) devices. QNAP has received multiple user reports of hackers attempting to log in to QNAP devices using brute-force attacks, in which the hackers try every possible password combination for a QNAP device user account.

A. Nature of the Attack

Threat actors are reported to …

OpenSSL Vulnerabilities (CVE-2021-3449 and CVE-2021-3450)

The OpenSSL Project addresses two high-severity vulnerabilities in OpenSSL, a commonly used software library for building networking applications and servers that need to establish secure communications: one related to verifying a certificate chain and one that can trigger a DoS condition.

A. Nature of the Vulnerabilities

The following vulnerabilities were tracked as: …

PsExec Privilege Escalation Vulnerability (CVE-2021-1733)

Microsoft has fixed a vulnerability in the PsExec utility that allows local users to gain elevated privileges on Windows devices. PsExec is a Sysinternals utility designed to allow administrators to perform various activities on remote computers, such as launching executables and displaying the output on the local computer or creating reverse shells. Threat actors commonly …