Contact us: (323) 791-9894 Fax: (626) 382-5666

Category: Uncategorized

Time to patch. Critical vulnerability in handling HTTP protocol in Windows 10 / Server

Microsoft released patches addressing a critical RCE vulnerability in Windows. This vulnerability allows an unauthenticated attacker to remotely execute code as kernel. This is a wormable vulnerability where an attacker can simply send a malicious crafted packet to the target impacted web server. Microsoft rates the criticality of this vulnerability at 9.8 / 10 on…

Update your Apple devices

Yes, there was just an update (to 14.5). But security is a process, not a product. It needs to be constantly monitored and improved. Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPot touch (7th generation) Impact:…

New 0-day on Microsoft Exchange…

Devcore team is still on the wave, this time they scooped up $200.000 (under the ZDI program) for another 0day exploit on Microsoft Exchange. This time there aren’t any patches available, but probably they will be very soon We have conducted a security audit for California services regarding the vulnerability in Microsoft Exchange systems. We…

Microsoft Teams. Exploit worth $200.000

The screenshot “Attempt 1”, means that the exploit works very well and it took only one attempt to use it. It is possible to get a code execution on the victim’s computer. Investigator’s award goes up to $ 200,000. What to do ? For now, there’s not much we can do (apart from waiting for…

Bug in OpenSSL – You can kill servers remotely (DoS)

OpenSSL project has just patched two vulnerabilities (marked with risk High). The CVE-2021-3449 vulnerability seems to be more important because it can be used in default configurations. As we can read here: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits…

Acer hit by ransomware attack

As you can see, the ransom is quite large (probably even the largest in history), and after the timeout it will jump higher. On the other hand, a discount of 20% is supposed to be applied for a quick deposit. Leaked images are for documents that include financial spreadsheets, bank balances, and bank communications. Intrusion…