Logo Logo
  • Home
  • Modshield SB
  • services
    • Application Security Testing
    • IoT Security Testing
    • Infrastructure Security Testing
    • Testing for Compliance
    • Red Team Exercise
    • Performance Testing
  • Training
    • Cybersecurity Awareness Program
    • Cybersecurity For Developers(Web Application)
    • Cybersecurity For Developers(Mobile Application)
  • Resources
    • Blog
    • CyberNews
  • About
    • Partners
    • Contact

Top CyberNews October 2021 – Week 3

  • Home
  • Blog Details
October 19 2021
  • CyberNews

Microsoft fixes its zero-day, new python vulnerability and bootkit for conducting covert cyberespionage. New cyberthreats are being discovered everyday and we bring you the top 3 for the 3rd week of October 2021.

Microsoft October 2021 Patch Tuesday fixes 4 zero-days, 71 flaws

October’s Patch Tuesday includes fixes for four zero-day vulnerabilities, with a Win32k Elevation of Privilege Vulnerability vulnerability known to have been actively exploited in attacks.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available

The actively exploited vulnerability was discovered by Kaspersk’s Boris Larin (oct0xor) and allows malware or a threat actor to gain elevated privileges on a Windows device.

Microsoft also fixed three other publicly disclosed vulnerabilities that are not known to be exploited in attacks.

source: bleepingcomputer.com

New UEFI Bootkit Performs Espionage

A new bootkit has been discovered that performs cyberespionage and compromises system partitions. Dubbed ESPecter, the bootkit is believed to have been active since 2012.

Various UEFI firmware vulnerabilities have enabled attackers to disable Secure Boot. Because of these vulnerabilities, most of the legacy systems are at greater risk from bootkits such as ESPecter. Thus, always make sure of applying security patches quickly.

source: cyware.com

PyPI removes ‘mitmproxy2’ over code execution concerns

The PyPI repository has removed a Python package called ‘mitmproxy2’ that was an identical copy of the official “mitmproxy” library, but with an “artificially introduced” code execution vulnerability.

The official ‘mitmproxy’ Python library is a free and open-source interactive HTTPS proxy with over 40,000 weekly downloads.

source: bleepingcomputer.com

Previous Post Next Post

Leave a Comment

Recent Posts

  • SOC 2 Compliance – Complete Guide
  • What is compliance and why do you need it?
  • OWASP WAF – Web Application Firewall
  • Top Cyber News April Week 3
  • Top Cyber News April Week 2

Recent Comments

  1. Vishnu on IEC 62443 – Cybersecurity for Industrial Automation and Control Systems

Archives

  • July 2022
  • June 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • June 2020

Categories

  • Blog
  • CyberNews
© Copyright 2020. Anada WordPres Theme By WordPressRiver