Nagios XI vulnerabilities open enterprise IT infrastructure to attack

Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to allow remote code execution with root privileges on the underlying system. Attackers are likely to try to exploit vulnerabilities in network management systems like Nagios because they oversee critical network components and […]


A malicious document could lead to RCE in Apache OpenOffice (CVE-2021-33035)

Apache OpenOffice, one of the most popular open-source office productivity software suites, sports an RCE vulnerability (CVE-2021-33035) that could be triggered via a specially crafted document. The vulnerability has been fixed in the software’s source code, but there is no official software version with the fix (though test build installers are available). About CVE-2021-33035 CVE-2021-33035 […]


Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)

VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005. “This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server,” the company noted. “The ramifications of this vulnerability are […]


CVE-2021-40444 exploitation: Researchers find connections to previous attacks

The recent targeted attacks exploiting the (at the time) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents have been delivering custom Cobalt Strike payloads, Microsoft and Microsoft-owned RiskIQ have shared. The researchers also found connections between the attackers’ exploit delivery infrastructure and an infrastructure previously used by attackers to deliver human-operated […]


Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools, and more!

Offensive Security has released Kali Linux 2021.3, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it. Kali Linux 2021.3 changes The changes in this version include: OpenSSL has been configured for wider compatibility, allowing the use of legacy protocols, meaning that Kali can now talk […]
