Google Discloses Details of Zoom Zero-Click Remote Code Execution Exploit
Google’s Project Zero has disclosed the details of a zero-click remote code execution exploit targeting the Zoom video conferencing software.
Adobe Security Bulletins and Advisories
Adobe had also released security patches for: — 1 critical code execution flaw in Commerce — 62 flaws in Acrobat and Reader — 2 critical flaws in After Effects — 13 code execution flaws in Photoshop
VMware warns of critical vulnerabilities in multiple products
VMware has warned customers to immediately patch critical vulnerabilities in multiple products that threat actors could use to launch remote code execution attacks.
SonicWall has released critical security updates
SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition.
FBI warns hackers are sending USBs infected with ransomware to businesses
Since August 2021, the FBI has received reports of several packages containing these USB devices, sent to US businesses in the transportation, insurance, and defense industries. The packages were sent using the United States Postal Service and United Parcel Service. There are two variations of packages—those imitating HHS are often accompanied by letters referencing COVID-19 guidelines enclosed with a USB; and those imitating Amazon arrived in a decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB.
Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN
Status: Informational On November 10, 2021 Palo Alto Networks (PAN) provided an update that patched CVE-2021-3064 which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls using the…