Note: This bulletin was written by Eric Dodge of the Kudelski Security Threat Detection & Research Team. Summary: The Zero Day Initiative (ZDI) recently disclosed
Tag: Security Advisory
Active exploitation of Citrix ADC and Gateway Critical Remote Code Execution Vulnerability by Suspected Chinese APT5 (CVE-2022-27518)
Written by Harish Segar of the Kudelski Security Threat Detection & Research Team. Summary: On December 13, 2022, the U.S. National Security Agency (NSA) release
SPNEGO NEGOEX: Critical Pre-Authentication RCE Vulnerability in Modern Microsoft Windows Operating Systems (CVE-2022-37958)
Written by Mark Stueck of the Kudelski Security Threat Detection & Research Team. Summary: On Tuesday, December 13th, Microsoft reclassified a previously acknowledged information disclosure
Critical Severity Buffer Overflow 0-Day Vulnerability in Fortinet SSL-VPN Under Active Exploitation (CVE-2022-42475)
This bulletin was authored by Mark Stueck of the Kudelski Security Threat Detection & Research Team. Summary: On December 12th, 2022, Fortinet disclosed the existence
PwnKit: Local Privilege Escalation (LPE) in Polkit’s pkexec (CVE-2021-4034)
Summary: On January 25, researchers at Qualys disclosed a high severity local privilege escalation (LPE) vulnerability affecting Linux’s policy kits (Polkit) pkexec utility. Pkexec is
[Updated] Log4Shell: Critical Severity Apache Log4j Remote Code Execution Being Actively Exploited (CVE-2021-44228 & CVE-2021-45046)
Update December 17th, 2021: Log4j 2.15.0 Vulnerability Upgraded from Low to Critical Severity (CVSS 9.0) – RCE possible in non-default configurations. The Apache Software Foundation