many parts make the whole
As more and more people are working remotely virtual meeting apps like Zoom are becoming an essential part of many organizations. Although Zoom is no stranger to security issues, see CVE-2021-28133 and CVE-2021-30480, it is still widely in use. Personally I would recommend using an alternative like Teams or Webex, but to each their own. … Read More “REMOTE CODE EXECUTION in Zoom from Pwn2Own 2021” »
Exploit code is now available for CVE-2021-1675 allowing for Remote Code Execution. This vulnerability allows an unauthenticated bad actor to execute code as SYSTEM on vulnerable systems. Microsoft has released an advisory and patches are available here. There are reports that the patches alone are not sufficient at this time so you may want to … Read More “PrintNightmare – REMOTE CODE EXECUTION in Windows Spooler Service CVE-2021-1675” »
Office 365 has been steadily growing for many years to the point where it currently has over 200 million users. Many large and small organizations are increasingly taking advantage of cloud based services and infrastructure to reduce costs and increase availability to their users. So, when there is security issue with a major cloud based … Read More “REMOTE CODE EXECUTION in Office 365” »
At this time there are now multiple exploits available for CVE-2020-0688 which allows for Remote Code Execution on servers running a vulnerable version of Microsoft Exchange. This code is executed as SYSTEM and the CVSS score for this vulnerability is 9.0 HIGH. Authentication is required, however, due to Outlook Web Access this could be easy … Read More “Microsoft Exchange CVE-2020-0688 – MULTIPLE EXPLOITS AVAILABLE” »
One of the most popular VPN provides, NordVPN has been in the news recently for being hacked. According to NordVPN no user data was compromised and the bad actor never had access to any user traffic. A bad actor was able to acquire a TLS key for a single server in Finland. NordVPN is downplaying … Read More “NordVPN COMPROMISE” »
A security vulnerability was revealed earlier this week in the Nvidia GeForce Experience. If you are not familiar this is Nvidia’s preferred, (meaning default), method of delivering drivers to their video cards. Most gamers using Nvidia cards likely have this application installed to keep their drivers updated. It also includes the ability to take screenshots … Read More “NVIDIA GEFORCE EXPERIENCE OS COMMAND INJECTION” »