CVE-2021-34527 Security Vulnerability. Released: 1 Jul 2021. Last updated: 6 Jul 2021. Assigning CNA: Microsoft. MITRE CVE-2021-34527. CVSS:3.0 8.8 / 8.2. Attack Vector: Network; Attack Complexity: Low; Privileges Required: Low; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High; Exploit Code Maturity: Functional; Remediation Level: Temporary Fix; Report Confidence: Confirmed. Executive Summary: A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could […]
Author Archives: CSIRT
Families are hitting the road again. And it’s absolutely no surprise that they’re taking their smartphones with them. Perhaps what is surprising is that so many of them may be hitting the road without any digital or mobile protection. Our recent research shows that 68% of people in the U.S. said that they’re planning to travel for leisure this year, slightly higher than the international average of 64%.1 However, our research also discovered […]
Published: 2021-06-15. Risk: Medium. Patch available: YES. Number of vulnerabilities: 1. CVE ID: CVE-2021-31521. CWE ID: CWE-79. Exploitation vector: Network. Public exploit: N/A. Vulnerable software: InterScan Web Security Virtual Appliance; Server applications / Server solutions for antivirus protection. Vendor Security Advisory. This security advisory describes one medium risk vulnerability. 1) Cross-site scripting. Risk: Medium. CVSSv3.1: 5.3 […]
SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware. The pushers behind the SolarMarker backdoor malware are flooding the web with PDFs stuffed with keywords and links that redirect to the password-stealing, credential-snarfing malware. Microsoft Security Intelligence […]
Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access to emails about financial transactions. In this blog, we’ll share our technical analysis and journey […]