Author: Asad Yaseen

Today’s VERT Alert addresses Microsoft’s February 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-928 on Wednesday, February 10th. In-The-Wild & Disclosed CVEs CVE-2021-1732 A vulnerability in Win32k that allows for privilege escalation has been exploited in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) released a note about this vulnerability under the National Cyber Awareness System. Microsoft has rated this as Exploit Detected on the…

Despite addressing only 56 CVEs, Microsoft’s February 2021 Patch Tuesday release contains fixes for a number of significant security threats, as well as an elevation of privilege vulnerability disclosed by Tenable’s Zero Day Research team. Microsoft patched 56 CVEs in the February 2021 Patch Tuesday release, including 11 CVEs rated as critical and 43 rated as important. This month’s Patch Tuesday release includes fixes for .NET Core, .NET Framework, Azure IoT, Developer Tools, Microsoft Azure…

All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet. Image: iStockphoto/ArtHead- Media company Plex has fixed a vulnerability in its media server that could have been used by hackers to strengthen DDoS attacks. In an announcement released last Friday and updated on Saturday, Plex said that it has issued hotfix 66 for Plex…

The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on both sides of the ethical spectrum have followed the compass based on industry-wide security findings, often leading to groundbreaking discoveries in both legacy and modern codebases alike. This happened in countless instances, from Java to Flash to Internet Explorer and many more, often resulting in widespread findings and subsequent elimination or modification to large amounts…

Zerologon has quickly become valuable to nation-state threat actors and ransomware gangs, making it imperative for organizations to apply these patches immediately if they have not yet done so. Background On February 9, as part of its February 2021 Patch Tuesday release, Microsoft released an additional patch for Zerologon to enable a security setting by default to protect vulnerable systems. CVE-2020-1472, also known as “Zerologon,” is a critical elevation of privilege vulnerability in Microsoft’s Netlogon…

A US Army Cyber Command major has been sentenced to 30 years in federal prison for producing child sexual abuse material (CSAM). Jason Michael Musgrove, of Grovetown, Georgia, was arrested in December 2019. At the time of his apprehension by law enforcement officers, the 41-year-old was serving as an integrated threat operations officer with Top Secret/Sensitive Compartmentalized Information clearance, assigned to the Army Cyber Joint Headquarters at Fort Gordon in Augusta, Georgia. According to court…