fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft September 2021 Patch Tuesday Fixes 2 zero-days, 60 Flaws

Microsoft September 2021 Patch Tuesday Fixes 2 zero-days, 60 Flaws

Today is Microsoft’s September 2021 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 60 flaws.

Microsoft has fixed 60 vulnerabilities (86 including Microsoft Edge) with today’s update, with three classified as Critical, one as Moderate, and 56 as Important.

Of the total 86 vulnerabilities (including Microsoft Edge):

  • 27 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 1 Denial of Service Vulnerabilities
  • 8 Spoofing Vulnerabilities

For information about the non-security Windows updates, you can read about today’s Windows 10 KB5005565 & KB5005566 cumulative updates.

Also Read: 12 Damaging Consequences of Data Breach

Microsoft fixes Windows MSHTML zero-day

Microsoft has released a security update for the Windows MSHTML remote code execution vulnerability tracked as CVE-2021-40444.

Last Tuesday, Microsoft disclosed a new zero-day Windows MSHTML remote code execution vulnerability that threat actors actively used in phishing attacks.

These attacks distributed malicious Word documents that exploited the CVE-2021-40444 to download and execute a malicious DLL file that installed a Cobalt Strike beacon on the victim’s computer.

This beacon allows a threat actor to gain remote access to the device to steal files and spread laterally throughout the network.

Soon after Microsoft disclosed the vulnerability, threat actors and security researchers began sharing guides on exploiting the vulnerability, which allowed anyone to start using it in attacks, as demonstrated below.

With the September 2021 Patch Tuesday updates, Microsoft has released a security update for this vulnerability.

As researchers discovered numerous ways to exploit the bug, including a bypass to mitigations, it is not clear if the security update fixes all of the techniques.

Two zero-days fixed, with one actively exploited

September’s Patch Tuesday includes fixes for two zero-day vulnerabilities, with the MSHTML bug actively exploited in the wild.

Also Read: Top 10 Main Reasons for Outsource Website Development

Microsoft classifies a vulnerability as a zero-day if publicly disclosed or actively exploited with no official security updates released.

The publicly disclosed, but not actively exploited, zero-day vulnerability is:

The only actively exploited vulnerability is the Windows MSHTML remote code execution vulnerability, as previously discussed:

  • CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us