How to Fix CVE-2023-38035- API Authentication Bypass Vulnerability on Ivanti Sentry Administrator Interface?

How to Fix CVE-2023-38035- API Authentication Bypass Vulnerability on Ivanti Sentry Administrator Interface?

Application/Appliance
Recently, a critical authentication bypass vulnerability was discovered in Ivanti Sentry by security researchers at mnemonic. This vulnerability tracked as CVE-2023-38035, could allow an unauthenticated threat actor to bypass authentication controls and make unauthorized changes to the Ivanti Sentry server configuration. Ivanti Sentry, formerly known as MobileIron Sentry, acts as a gateway between mobile devices and backend resources like Microsoft Exchange or SharePoint servers. It works together with Ivanti Endpoint Manager Mobile (EPMM) platform to enforce security policies on managed devices. On August 21, 2023, mnemonic disclosed the discovery of a high severity vulnerability in Ivanti Sentry that received a CVSS score of 9.8. If successfully exploited, this flaw could enable network-level attackers to bypass authentication and gain privileged remote access to the Sentry appliance. In this blog, we will summarize everything about this zero-day vulnerability…
Read More
Breaking Down the Latest April 2023 Patch Tuesday Report

Breaking Down the Latest April 2023 Patch Tuesday Report

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Threats & Vulnerabilities, Windows
Microsoft releases security updates every month to address vulnerabilities in its software products. These updates are critical to ensuring the security of computer systems and networks. The April 2023 Patch Tuesday Report is important as it fixes various security vulnerabilities discovered in Microsoft’s software products.  This blog will provide an overview of the latest April 2023 Patch Tuesday report, highlighting the significant vulnerabilities and their severity levels. Microsoft Patch Tuesday April 2023 Report Summary Microsoft released the April 2023 Patch Tuesday. Let’s see the summary of the report: The update addresses 114 vulnerabilities, 7 are classified as critical, and 90 are classified as important. The April 2023 update includes fixes for one zero-day vulnerabilities, which are exploited in the wild. All 9 Critical vulnerabilities are Remote Code Execution vulnerabilities.  The products covered…
Read More
Step-by-Step Guide to Install Raspberry Pi OS on a Raspberry Pi Single Board Computer!

Step-by-Step Guide to Install Raspberry Pi OS on a Raspberry Pi Single Board Computer!

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Security, Linux, Tutorials
Raspberry Pi OS is a Debian-based operating system developed by Raspberry Pi Foundations. It is the operating system that is specifically designed for the Raspberry Pi Single Board Computer board. And it s an excellent choice for anyone looking to start using and exploring the possibilities of DIY computing using Raspberry Pi boards. The operating system provides outstanding flexibility with respect to its hardware compatibility, allowing it to be used with a wide range of Raspberry Pi models. Additionally, the operating system is open source and free, providing users with access to its source code which can be edited and improved by anyone with advanced knowledge. Raspberry Pi OS carries many advantages over other operating systems when it comes to running Raspberry Pi. All these made Installing Raspberry Pi OS on a Raspberry…
Read More
What are Micropatches? Why Do We Need Micropatching?

What are Micropatches? Why Do We Need Micropatching?

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Security, Network Security, Windows
Various known but unpatched vulnerabilities pose significant risks to organizations. However, these organizations use defensive tools and technologies to mitigate those risks but continue to use software containing potential vulnerabilities. It leaves those systems at a continuous risk because once a vulnerability is made public, a malicious link or code to exploit it generally appears within 48 hours. The National Vulnerability Database presented 22,000 new vulnerabilities recently in 2021. The primary issue is the time the organization needs (almost 60.3 days) to resolve a single vulnerability. This means the attackers get 60 days to exploit the vulnerability before it gets fixed. Therefore, it is essential to micropatch the vulnerability as soon as it is detected. Micropatching is the practical solution so far! But what are micropatches? This post will help you understand a micropatch, why it…
Read More
4 Uncommon Programming Languages for Malware Development

4 Uncommon Programming Languages for Malware Development

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Security, Malware, Threats & Vulnerabilities
Technological advancements are one of the vital factors in the modern era. The latest technologies have improved efficiency, altered the status of society, and revolutionized living standards. However, they can also be misused by malicious actors with evil intentions or turned against the purpose of their creation. Bad actors have a reputation for being slow to change what works for them, but it’s not always the case. However, some malware groups have taken advantage of trying uncommon programming languages for malware development. Programming languages for malware development, such as DLang, Nim, Rust, and Go, are becoming famous among malware authors for bypassing security defenses and addressing the weak points in their development process, BlackBerry researchers report. The research team selected these four programming languages because they have noticed an increase in their use…
Read More
Breaking Down the Latest March 2023 Patch Tuesday Report

Breaking Down the Latest March 2023 Patch Tuesday Report

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Threats & Vulnerabilities, Windows
The March 2023 Patch Tuesday report is out, and it’s packed with important security updates. Microsoft released 80 fixes, 9 of which are rated as critical. This month’s Patch Tuesday is important for IT professionals and system administrators, as it includes two zero-day vulnerabilities and 83 flaws that need to be addressed. These vulnerabilities could potentially allow attackers to gain unauthorized access to sensitive information, execute malicious code, or cause a denial-of-service condition. It is recommended that users apply these updates as soon as possible to avoid potential exploitation. In this blog post, we’ll discuss the latest March 2023 Patch Tuesday report from Microsoft and the most important updates. We’ll also provide some tips on how to make sure your systems are up-to-date with the latest security patches. So let’s…
Read More
Breaking Down the Latest June 2023 Patch Tuesday Report

Breaking Down the Latest June 2023 Patch Tuesday Report

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Threats & Vulnerabilities
Here is another Microsoft Patch Tuesday Report. Microsoft releases its monthly report to address various vulnerabilities and helps its customers stay aware of all the threats and possible security vulnerabilities. This June 2023 Patch Tuesday report also fixes some vulnerabilities in various Microsoft products.  This blog gives you an overview of the latest June 2023 Patch Tuesday report and highlights the vulnerabilities found, their categories, and their severity levels.  Microsoft Patch Tuesday, June 2023 Report Summary June 2023 Patch Tuesday report is out, and below is a quick overview of the report:  The report presents 94 vulnerabilities in total, out of which 6 are classified as critical, 60 as important, 2 as Low, and 16 as unknown.   There are no zero-day vulnerabilities found in June 2023 Patch Tuesday.  The affected…
Read More
How To Fix CVE-2021-43304(5)- Heap Buffer Overflow Vulnerabilities In ClickHouse Database Management System

How To Fix CVE-2021-43304(5)- Heap Buffer Overflow Vulnerabilities In ClickHouse Database Management System

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Security, Linux, Programming & Scripting, Tutorials
Security researchers JFrog have disclosed total multiple new high severity vulnerabilities in ClickHouse, an open-source database management system (DBMS) dedicated to online analytical processing (OLAP). The list is made up of seven vulnerabilities, ranging CVSS score from 6.5 to 8.8. It’s been said that attackers could weaponize these vulnerabilities to leak memory contents, remote code execution, and even crash the servers. Users of the ClickHouse Database Management System should consider reading this post because a user with the lowest privileges can trigger all the vulnerabilities. It is must to learn How to Fix CVE-2021-43304(5)- Heap Buffer Overflow Vulnerabilities in ClickHouse Database Management System. What Is ClickHouse Database Management System? ClickHouse is an open-source, high-performance columnar OLAP database management system developed by Yandex. It enables DB admins to generate holistic analytical reports using SQL queries in…
Read More
What is a VPN? Why Should You Avoid Free VPNs?

What is a VPN? Why Should You Avoid Free VPNs?

Application Security, Application/Appliance, Best Reads, Cloud & OS Platforms, Cyber Attacks, Cyber Security, INFOSEC, Linux, Threats & Vulnerabilities, Windows
The internet is something that connects the entire world from social media to video conferencing and event entertainment. The internet gives you the power to do just about anything, no matter where you are in the world. As long as you have a connection to the internet, you have the freedom to work remotely, watch movies and TV shows on Netflix, or even do research on just about any topic you can imagine. However, as time has gone on, the internet has become somewhat restricted in some areas. From internet censorship to geo-blocking restrictions, the internet has lost that sense of freedom that it always portrayed. On top of that, privacy and security have become serious concerns for most internet users around the world. Cybercrime is on the rise, and…
Read More
How To Fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10?

How To Fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10?

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Data Breaches, Network Security, Pen Testing, Threats & Vulnerabilities, Tutorials, Windows
Security researchers recently disclosed an Information discloser vulnerability (CVE-2021-24084) in Windows 10, enabling an attacker to gain unauthorized file system access and read arbitrary files on the vulnerable system. Microsoft has released the patch in Feb 2021. Unfortunately, the patch has failed to fully fix the CVE-2021-24084 vulnerability. However, there is an unofficial patch released by Opatch which could be used as a workaround until Microsoft address this issue. Let’s see how to fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10. Windows Affected By CVE-2021-24084: The good news is that the no Windows server operating systems are affected as the “Access work or school” vulnerable functionality doesn’t exist on the server operating system. No need to worry about the server platform. This vulnerability affects Windows 10 operating system, which is the most…
Read More