Category: Exploits

Log4j Vulnerabilities

Towards the end of November, a researcher from Alibaba discovered a fault (CVE-2021-44228) in a well-known open-source logging library called Log4j. The researcher responsibly disclosed his finding to the Apache Software Foundation, which maintains Log4j. An additional vulnerability (CVE-2021-45105) was also discovered in a patch released to fix the initial vulnerability. This was then followed by yet another

Malicious Actor Discloses FortiGate SSL-VPN Credentials

This is a very serious leak, as VPN (Virtual Private Network) usernames and passwords could undoubtedly allow the bad actors to access a network to perform all manner of activities, including stealing data (data exfiltration), installing hidden malware or performing ransomware attacks to extort money. Although the exploit relates to an already patched loophole, you should

Hafnium

Microsoft has released an out-of-band security update for a number of serious and actively used exploits on Microsoft Exchange. They named it Hafnium. The following versions of Exchange Server are affected: Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019. Is this attack connected to the SolarWinds attack? Microsoft has said that it has seen “no

Travelex goes offline as it suffers ransomware attack, criminals were demanding $3m

Just before the turn of the year, Travelex, the foreign currency exchange service, suspended their online services and took their systems offline after “a software virus was discovered”. They put out the following notice, which is still displayed on their website 8 days later. A similar notice is shown on their Twitter account. The

Security is a jigsaw

Security is a jigsaw. It has a lot of pieces (network security, email security, endpoint security, etc.), but to have the perfect fit, you have to align them correctly. You cannot replace a piece with a different piece, even if you have more than one piece! If you are missing a piece you will always

More about the Spectre vulnerability in modern CPUs

For modern processors to optimise their data crunching, they do something called branch prediction. For example, at a high level, if you have an IF statement, then if x=1 you would do one thing and if x=0 you would do another. What modern processors might do is execute both instructions until they figure out which one

Meltdown and Spectre: two security issues at the heart of almost every computer in use

Meltdown and Spectre are serious vulnerabilities with wide-reaching impact. They affect nearly every computer and device running a current processor. Big vendors are affected, including Microsoft, Apple macOS, Google Android and ChromeOS, as they all run on either Intel or ARM. The loopholes existed for years. The flaws take advantage of loopholes that exist