Posts for category: Vulnerabilities Weekly Summaries

Zero-Day Vulnerability in WordPress Plugin

Executive Summary On September 8, 2022 a threat intelligence team for the company WordFence became aware of a zero-day vulnerability that exists within WordPress [1]. WordPress is a popular ...

Apple IO Mobile Frame Buffer Vulnerability

(By Frank Wood on October 22, 2021) Executive Summary One of the leading competitors in the mobile device industry, Apple is no stranger to zero-day vulnerabilities and releases updates to ...

Honeywell Experion Process Knowledge System and Application Control Environment Controller Vulnerability

(By: Frank Wood on October 7, 2021) Executive Summary Honeywell products are widely adopted globally in various applications within the energy and manufacturing industries. More ...

VMware vCenter Server Vulnerability

(By: Frank Wood on September 30, 2021) Executive Summary VMware vCenter is a server management software that is “centrally visible, simplified and efficient management at scale, and ...

Zoho ManageEngine ADSelfService Plus Vulnerability

(By: Frank Wood on September 26, 2021) Executive Summary Zoho’s ManageEngine ADSelfService Plus is an active directory (AD) password management and single sign on utility that allows users ...

HAProxy Vulnerability

(By: Frank Wood on September 17, 2021) Executive Summary HAProxy is one of the most widely used open-source software load balancer proxy servers for Hypertext Transfer Protocol (HTTP) and ...

Atlassian Confluence Server and Data Center Vulnerability

(By: Frank Wood on September 10, 2021) Executive Summary Atlassian Confluence is a service that allows users within an organization to share, collaborate, and organize projects with each ...

Pulse VPN Vulnerability

(By: William Beard on August 10, 2021) Executive Summary FireEye and Pulse Secure are currently investigating a new vulnerability in the Pulse Connect Secure Virtual Private Network (VPN), ...

Cring Ransomware Attack

(By: William Beard on April 29, 2021) Executive Summary Kaspersky reported that several European industrial enterprises were attacked using the Cring ransomware in early 2021.  These ...

Microsoft Exchange Server Zero-Days

(By: William Beard on March 25, 2021) Executive Summary CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-26865 are four zero-day vulnerabilites that were used recently by the ...