noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds

Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that Read More …

Make sure you’re up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out

Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances. The information was released today by infosec outfit Rapid7. This comes about a month after Sonicwall issued a patch for the Read More …

JFrog researchers find JNDI vulnerability in H2 database consoles similar to log4shell

Security researchers from JFrog said on Thursday that they discovered a critical JNDI-based vulnerability in the H2 database console exploiting a root cause similar to Log4Shell. The CVE hasn’t been posted by NIST but will be assigned CVE-2021-42392. In a Read More …