Uncategorized

Google has issued a warning regarding a serious vulnerability in their Chrome browser (affecting Windows, Mac, and Linux) that could potentially allow a malicious actor to take full control over a machine. Google urges users to update their browsers immediately. Currently it’s estimated that about 2 billion Chrome browser installs are vulnerable.

Two of the biggest wireless carriers in the US have been breached, resulting in millions of records of customer information being stolen and sold on the dark web. Besides the latent threat of identity theft, the repercussions of how this data could be misused could be disastrous on both a personal and a corporate level.

On July 23rd, French researcher Gilles Lionel (aka Topotam) revealed a new exploit technique called “PetitPotam” that modifies a previously discovered exploit in the Windows Print Spooler to allow attackers to exploit vulnerable Windows Servers without the Microsoft Print System Remote Protocol (MS-RPRN) API.

In an advisory released by Redhat (informed by researchers at Qualys), a vulnerability in the Linux kernel file system that allows attackers to gain root privileges has been disclosed.

On July 20nd, The Carnegie Mellon University’s Software Engineering Institute published a note on a vulnerability (VU#506989) affecting windows 10 issued a warning about a critical vulnerability affecting Windows 10 build 1809 and above which can grant non-administrative users access to SAM, SYSTEM and SECURITY files.

In an advisory released by Microsoft on July 15th 2021 via their website, a new vulnerability related to Print Spooler service has been disclosed.

Microsoft issued a warning about a critical .NET Core remote code execution vulnerability in PowerShell version 7. This is caused by the way text encoding is performed in .NET 5 and .NET Core.