Horde Webmail Has Zero-Day RCE Bug – Will Not Be Patched

What if you have software with a vulnerability that will not be patched? What does this mean?   RCE means Remote Code Execution which means the attacker does not have to be on the system to exploit it (this is the most dangerous attack). If you are running Horde webmail to check your email – … Read more

Why Did China Declare War on West/USA?

Remember the  Exchange server hack from a year ago (post from 3/16/21)? “Exchange Server Attacks Just Beginning?”  “Attacks exploiting the flaws were first spotted in January. They initially were limited and targeted, seemingly for espionage: the adversaries primarily targeted specific email accounts. Microsoft attributed the activity to a group it calls Hafnium, believed to operate … Read more

Fileless Malware Attacks VERY Hard to Detect

As a Malwarebytes blogpost states, here are 5 reasons why fileless malware is used by attackers: The most common use cases for fileless malware are: Initial access. The first step of a cyberattack is to gain a foothold on a system. This can be stealing credentials or exploiting a vulnerability in an access point. Harvest … Read more

Another Vulnerability in a Cloud Framework

Rapid7 has found a spring framework vulnerability called Spring4Shell   As usual a new vulnerability requires risk management to be reassessed.   https://nvd.nist.gov/vuln/detail/CVE-2022-22965  Leads to https://tanzu.vmware.com/security/cve-2022-22965 Which says the following information which is important. CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ Affected VMware Products and Versions Severity is critical unless otherwise noted. … Read more

Linux Kernel Vulnerability + Dirty Pipe

What does it mean when a Linux Kernel has a vulnerability? the Linux kernel is the software which runs the system – the  main operating system software it is inside all other software – it does connect to applications with shell (usually Bourne image from Linoxide   Updated the image to include Android possible issues … Read more