Blogs

How to Fix CVE-2023-22515- A Critical Privilege Escalation Vulnerability in Confluence Data Center and Server?

Portfolio
Confluence is a popular wiki-based collaboration tool developed by Atlassian that helps teams to collaborate and share knowledge efficiently. Atlassian offers the Confluence Data Center and Server versions for large enterprises that need additional scalability, security, and customizability compared to the SaaS Confluence Cloud version. Recently, Atlassian disclosed an actively exploited critical severity authentication vulnerability in the Confluence Data Center and Server, tracked as CVE-2023-22515. This vulnerability could allow an unauthenticated, remote attacker to create an administrator account and gain full control of the vulnerable Confluence instance. In this blog, we will discuss a summary of the CVE-2023-22515 vulnerability, impacted versions, and step-by-step procedure to fix CVE-2023-22515, a critical severity Privilege Escalation Vulnerability in Confluence. Confluence Server is an on-premises version of Confluence optimized for large enterprises. It provides better customization, scalability, compliance, and data ownership compared…
Looney Tunables- A High Severity Local Privilege Escalation Vulnerability in GNU C Library Aka glibc- CVE-2023-4911

Portfolio
The Qualys Threat Research Unit (TRU) recently disclosed a high-severity vulnerability in GNU C Library aka glibc that could allow a local attacker to gain root privileges. This vulnerability, tracked as CVE-2023-4911 and nicknamed “Looney Tunables”, has been given a CVSS score of 7.8, making it a critical security issue that needs immediate attention. In this blog post, we will take a look into this vulnerability – its origins, impact, and the steps you need to take to patch this vulnerability on Linux systems using glibc.

A Short Note About GNU C Library

The GNU C Library or glibc provides core OS functionality like memory allocation, input/output operations, and thread handling required by most programs on a Linux system. A key component of glibc is the dynamic loader (ld.so) which loads the required shared libraries and…
How to Fix CVE-2023-20101- Static Credentials Vulnerability in Cisco Emergency Responder?

Portfolio
On October 4th, 2023, Cisco disclosed a critical vulnerability in Cisco Emergency Responder that could allow an attacker to gain privileged access using static credentials. CVE-2023-20101 has been assigned to track this vulnerability, which stems from the presence of hardcoded static credentials for the root account in Cisco Emergency Responder. By exploiting these static credentials, an attacker could remotely log in as root without authentication and execute arbitrary commands. With a CVSS score of 9.8, this vulnerability allows complete remote system compromise, so it’s critical for businesses using Cisco Emergency Responder to patch immediately. In this blog post, we will cover the details of CVE-2023-20101, affected products, and finally, how to fix CVE-2023-20101, static credentials vulnerability in Cisco Emergency Responder.

A Short Introduction to Cisco Emergency Responder

Cisco Emergency Responder is an emergency call-handling system designed for Cisco Unified Communications Manager. It…
Step-by-Step Procedure to Write OS Image for Raspberry Pi

Portfolio
Operating systems are an essential component of any computing device. Without an OS, the hardware is just a hunk of silicon and metal. An OS allows the software to communicate with and control the hardware. This is true for personal computers as well as single board computers (SBCs) like the Raspberry Pi. The Raspberry Pi is a tiny, credit card-sized SBC that has taken the maker world by storm since its launch in 2012. Its low cost and versatility have made it a favorite for DIY projects. But like any computer, the Raspberry Pi also needs an OS to function. In this comprehensive guide, we will cover everything you need to know about how to write OS images for Raspberry Pi. We will be using the official Raspberry Pi Imager tool to write…
Breaking Down the Latest October 2023 Patch Tuesday Report

Portfolio
The October 2023 Patch Tuesday report has been released, providing critical information for organizations and individuals to address security vulnerabilities and software updates. This monthly event plays a crucial role in maintaining the security and stability of the Windows operating system and various other software products people rely on. In this article, we’ll break down the key highlights of the October 2023 Patch Tuesday report, focusing on the most pressing concerns for users and administrators. Notably, Microsoft has released fixes for 105 vulnerabilities in the October 2023 Patch Tuesday report, out of which 12 were rated Critical. Microsoft also warned about the active exploitation of 3 vulnerabilities. Again, as with other Patch Tuesday reports, the Remote Code Execution (RCE) vulnerability has topped the list with 45 occurrences in the list of vulnerabilities. Let’s…
What is New in KB5031354 And How to Download and Install Windows 11 build 22621.2428?

Portfolio
Microsoft recently released the new cumulative update KB5031354 for Windows 11 versions 21H2 and 22H2 on October 10, 2023, as part of its October 2023 Patch Tuesday. Also referred to as the “Windows 11 Moment 4 update”, KB5031354 doesn’t ship with a wide array of features and bug fixes alone. However, this update combines the features and security updates from the previous update KB5030310, released on September 26, 2023, which means it ships with a wide range of new features, security enhancements, and bug fixes for the latest Windows 11 releases. If you missed the September 26th update, this is a big update for you. The highlights include the first preview of the AI-powered Microsoft Copilot assistant, a redesigned File Explorer, updates for built-in apps like Snipping Tool and Paint with new AI capabilities, and…
How to Scan Bulk IOCs with VirusTotal?

Portfolio
If you have ever been part of security teams like the Security Operation Center (SOC) or CIERT teams, you might have dealt with many threat analyses as part of your incident response and malware analysis job. Capturing IOAs and IOCs and analyzing captured IOAs and IOCs are some of the crucial parts of the incident response and investigation procedure. And, of course, if you get lengthy lists of URLs, domains, IPs, and files, then it’s not just crucial, but also a laborious task. I still remember the early days of my professional job, where my team used to get hundreds of URLs, domains, IPs, and file hashes from our security advisory partners to analyze and block them on all our security devices. We used to spend several hours just analyzing…
What is Image Phishing? How Do QR-Codes Take Image Phishing (Qishing) to the Next Level?

Portfolio
Cybercriminals are constantly evolving their tactics to bypass modern security defenses and carry out successful attacks. Social engineering techniques like phishing have become one of the most common attack vectors against everyone from individuals to organizations today. Attackers have started targeting images in their phishing campaigns to operate covertly under the radar. This led to the birth of a new term, “Image Phishing”, which is nothing more than hiding malicious content inside of an image to trick traditional security systems. We created this post to let you all know more about the new angle of Phishing, the role of images in Phishing, and especially, the role of QR-Codes in today’s Phishing campaigns. We will also cover how attackers are leveraging QR codes to further disguise phishing attempts and real examples of QR code…
Step-by-step Procedure to Install Docker Desktop on Linux

Portfolio
This is a comprehensive guide to install Docker Desktop on Linux, especially catering to Ubuntu and similar distributions. Docker Desktop on Linux runs a Virtual Machine (VM) and uses a custom docker context desktop-linux on startup, so images and containers deployed on the Linux Docker Engine (before installation) are not available in Docker Desktop for Linux. Let’s begin this how-to guide by learning about Docker Desktop, its prerequisites, and finally how to install Docker Desktop on different Linux distributions.

What is Docker Desktop?

Docker Desktop is a tool for macOS and Windows systems for building, sharing, and running Docker containers. It supports the latest technologies, such as cloud-native applications and provides a unified platform for managing all of your Dockerized applications. With Docker Desktop, you can easily build containerized applications, develop…
Protect Your Cisco Devices from CVE-2023-20198- A Critical Privilege Escalation Vulnerability in Cisco IOS XE

Portfolio
Cisco recently disclosed a critical privilege escalation vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software, tracked as CVE-2023-20198. This vulnerability allows an unauthenticated remote attacker to gain full administrator privileges on affected Cisco switches, routers and other devices running vulnerable versions of IOS XE. According to Cisco’s advisory, the vulnerability exists when the web UI feature is enabled via the ip http server or ip http secure-server commands. Successful exploitation gives the attacker complete control of the device and the ability to monitor traffic, pivot to protected networks, and conduct man-in-the-middle attacks. Cisco has rated this as a maximum severity bug with a CVSS score of 10 out of 10. This is an actively exploited zero-day vulnerability, with over 35,000 internet-facing Cisco devices already confirmed infected. Cisco…