Recently Published
Mar 29, 2022 BY DATAPRISE
Google Chrome Zero-Day Vulnerability
Dataprise Defense Digest
EXECUTIVE SUMMARY
On March 23, 2022, an anonymous user reported a Type Confusion vulnerability in the Google Chrome browser. On March 29, 2022, Google released a new version of Chrome for Windows, macOS, and Linux to patch the zero-day vulnerability. Micro...
Mar 08, 2022 BY DATAPRISE
Linux Dirty Pipe Vulnerability
Dataprise Defense Digest
EXECUTIVE SUMMARY:
On March 8th, 2022, researchers discovered a vulnerability that allows for overwriting arbitrary read-only values, including /etc/shadow, allowing unprivileged actors to overwrite values and execute privileged processes as root. This vulnerability is considered high severity and ...
Jan 26, 2022 BY DATAPRISE
PwnKit – Polkit PKEXEC Vulnerability
Dataprise Defense Digest
EXECUTIVE SUMMARY:
A vulnerability has been discovered in the Linux Polkit (aka PolicyKit) pkexec utility, which facilitates communication between non-privileged and privileged processes. Polkit also allows non-users to run privileged commands within a set policy. When this vulnerability is exploi...
Jan 21, 2022 BY DATAPRISE
Cisco CLI Command Injection Vulnerability
Dataprise Defense Digest
EXECUTIVE SUMMARY:
Cisco has identified a new vulnerability affecting:
* SD-WAN - vEdge, IOS XE hardware; vBond, vManage, vSmart, IOS XR software
* Ultra Gateway
* Network Services Orchestrator
* Virtual Topology System
* Enterprise NFV Infrastructure Software
* ConfD
This is a Command Lin...
Jan 21, 2022 BY DATAPRISE
Cisco StarOS Software Vulnerability
Dataprise Defense Digest
EXECUTIVE SUMMARY:
Cisco has identified two new vulnerabilities affecting the Redundancy Configuration Manager for StarOS Software. These vulnerabilities were discovered by Cisco internal testing and allow an unauthenticated remote attacker to gain root level privileges. With this elevated privileg...
Dec 11, 2021 BY DATAPRISE
APACHE LOG4SHELL 0DAY EXPLOIT
Dataprise Defense Digest
EXECUTIVE SUMMARY
A significant 0day Remote Code Execution (RCE) exploit has been identified in the open-source Java-based logging framework, Apache Log4j2. This framework is used widely in millions of web applications to facilitate logging of application error data. Attackers can exploit this vulnerability ...