Citrix Gateway & Citrix ADC remote code exploit (CVE-2022-27518)

Apply latest patch to mitigate zero-day vulnerability CVE-2022-27518 — A vulnerability has been discovered in Citrix Gateway and Citrix ADC, listed below, that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance.

Citrix Gateway & Citrix ADC remote code exploit (CVE-2022-27518)2022-12-16T15:07:16-05:00

iManage Security Vulnerability due to third-party Apache component Log4j

If not mitigated, potential remote exploits to an Apache component called Log4J can be executed by a malicious attacker. This vulnerability is known worldwide as CVE-2021-44228. Check this iManage Security Advisory.

iManage Security Vulnerability due to third-party Apache component Log4j2022-12-13T14:54:40-05:00

Alert: Third-party Security Vulnerability Affects On-Premises versions of iManage Systems (Apache)

The iManage Security team identified a vulnerability affecting on-premises versions of iManage products. It is an exploit targeting the Apache HTTP Server which if not mitigated, can be exploited under certain conditions.

Alert: Third-party Security Vulnerability Affects On-Premises versions of iManage Systems (Apache)2022-12-13T14:57:01-05:00

[Update] On-Premises Microsoft Exchange Server Zero-Day Vulnerability

Microsoft has released a patch to mitigate to this vulnerability, we can’t deny the fact that this security flaw has already been exploited by numerous criminal organization – developing into a new ransomware attack and other potential malicious activities. Check this post for options & solutions.

[Update] On-Premises Microsoft Exchange Server Zero-Day Vulnerability2021-03-16T13:33:35-04:00

Advisory: HAFNIUM targeting Exchange Servers with Critical 0-day Exploits

Hafnium operators deploy web shells on compromised server, creating software backdoors that allow attackers to steal data and perform additional malicious actions that lead to further compromise.

Advisory: HAFNIUM targeting Exchange Servers with Critical 0-day Exploits2022-03-22T17:04:34-04:00