Faulty CrowdStrike Update Causes Major IT Outage Worldwide

On Friday 19, 2024 many organizations across the globe have seen disruptions on their windows systems stemming from a faulty update pushed out by CrowdStrike; a prominent cybersecurity company. CrowdStrike is a Texas-based EDR (Endpoint Detection & Response) solutions company serving over 500 companies in the fortune 1000. Their products run on millions of endpoints […]

Ransomware attacks target VMware ESXi servers worldwide: Patch Immediately!

In a recent advisory issued by the French CERT Team, it was noted that threat actors are exploiting 2 years old remote code execution vulnerability to deploy a new ransomware that targets the VMware ESxi servers worldwide. This Critical vulnerability, tracked as CVE-2021-21974, is caused by a heap overflow issue in the OpenSLP service, which could be exploited by unauthenticated cyber criminals in low-level attacks. In an advisory published at […]

January 2023 Patch Tuesday

It’s a new year and another edition of patch Tuesday is among us.  On Tuesday, January 10th, Microsoft released its latest round of patches for various vulnerabilities in its software. This month’s Patch Tuesday includes fixes for several critical vulnerabilities that could allow attackers to execute arbitrary code or cause a denial of service on […]

New Microsoft Exchange Zero-days Under Active Exploitation

Security researchers are warning of antecedently covert flaws in totally patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to realize remote code execution on affected systems. The 1st vulnerability, known as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, whereas the second, identified as CVE-2022-41082, permits remote code execution (RCE) once […]

Vulnerability Management VS Vulnerability Remediation Team: A constant struggle?

In the cybersecurity realm, vulnerability is most likely the center of every domain and the most discussed topic. Vulnerabilities can bring people together to solve the issues that are being introduced as part of the constant technological advancement. However, just like a coin has two sides, vulnerabilities divide the Cybersecurity community into two major groups. […]

Log4j, Log4j, Log4j: Vulnerability of the year 2021?

On December 10, the cyber security community was hit again yet with another 0-day exploit. The vulnerability being tracked as CVE-2021-44228, is called “log4j” which is a critical vulnerability in popular java logging library. The vulnerability is being exploited in the public as you’re reading this article. Threat actors are adopting “spray-and-pray” method to exploit […]

Accenture Ransomware Attack

Another day, another ransomware attack! A big fish in the tech market has fallen victim this time. Accenture, a giant tech consultant firm has been hit with Ransomware by LockBit 2.0 ransomware gang. Accenture worth the attack? Accenture is one of the big tech companies which provide Cyber Security and related technology services to many […]

PATCH TUESDAY July 2021 Edition: Another Patch Tuesday, another Nightmare!

It’s that time of the month again! Yes, patch Tuesday is here and everyone is preparing to patch their environment. Given the recent situation with PrintNightmare vulnerability, everyone is on the edge and rushing to patch as soon as possible which makes this month’s patch very interesting. July 2021 Patch Tuesday fixes 117 security vulnerabilities […]