Summary
CVE-2021-28310 is a privilege escalation vulnerability in Windows' Desktop Window Manager. Kaspersky discovered it being used in the wild by BITTER APT.
Threat Type
Vulnerability, Exploit, APT
Overview
Kaspersky published a blog post detailing CVE-2021-28310, a zero-day vulnerability they discovered being exploited by BITTER APT. It is a privilege escalation vulnerability, and Kaspersky believes it was used in combination with other browser exploits. Since the full exploit chain wasn't captur
Summary
SAP has released its April 2021 security patches for a variety of products. Each product and a link to details on the vulnerability are listed below. In all, 14 security notes were released. Of these, 1 is rated critical, 4 are rated high, 9 are rated as medium, and 5 are updates to previously released patches. The potential impact from successful exploitation of the most serious vulnerability is remote code execution. In addition, privilege escalation, accessing sensitive files, and other nefarious
Summary
The ICS-CERT has published fifteen advisories that affect Schneider Electric SoMachine Basic, Advantech WebAccessSCADA, JTEKT TOYOPUC products, the Siemens products Solid Edge File Parsing, Web Server of SCALANCE X200, SINEMA Remote Connect Server, LOGO! Soft Comfort, PKE Control Center Server, TIM 4R-IE Devices, Nucleus Products IPv6 Stack, Nucleus Products DNS Module, Tecnomatix RobotExpert, SIMOTICS CONNECT 400, Nucleus DNS, and the Siemens and Milestone Siveillance Video Open Network Bridge.
Thr
Summary
PAM update 4104.08194 contains 10 new events, 23 new moderate event responses, and 23 new aggressive event responses.
Threat Type
Vulnerability
Overview
This content update is compatible with IBM QRadar Network Security Firmware version 5.4 or later, IBM QRadar Network Security for VMware firmware version 5.4 or later, IBM Security Network IPS GV-Series Virtual Appliances, IBM Security Network IPS GX-Series Appliances Firmware version 4.5 or later, IBM Security Network Protection XGS Firmware versio
Summary
The Mozilla Foundation has issued a Moderate-rated security advisory that addresses multiple vulnerabilities in Thunderbird.
Threat Type
Vulnerability
Overview
The Mozilla Foundation has released Thunderbird 78.9.1 to cover multiple vulnerabilities related to OpenPGP functions. The advisory has been rated as Moderate. The vulnerabilities could potentially result in a failure to send encrypted emails or allow a remote attacker to conduct a spoofing attack. For further details, please refer to the app
Summary
Throughout 2020, IBM X-Force saw a proliferation of malware created using the Go programming language. Now some of that focus seems to be shifting onto the Nim programming language, with the latest addition being the Nimar Backdoor.
Threat Type
Vulnerability
Overview
Throughout 2020, IBM X-Force saw a proliferation of malware created using the Go programming language. Now some of that focus seems to be shifting onto Nim. Nim is a flexible, statically typed programming language which is notable for hav
Summary
The Android Security Bulletin for April has been released and provides information on the thirty-six vulnerabilities that are addressed in this bulletin.
Threat Type
Vulnerability
Overview
The April security bulletin for Android has been released. In it, thirty-six vulnerabilities are addressed. Some of the potential impacts of successful exploitation of the vulnerabilities are information disclosure, privilege escalation, and remote code execution. Two of the vulnerabilities were rated as "Critical