03 Jun 2020

Two Critical Android Bugs Open Door to RCE

In June updates, Google and Qualcomm addressed significant vulnerabilities affected Andriod users that could lead to remote code execution (RCE) on applicable devices. The bugs, CVE-2020-0117, and CVE-2020-8597 affect Andriod versions 8 to 10 and can allow for RCE in the context of a privileged process. An attacker could potentially

Read More
23 Apr 2020

Connected Home Hubs Open Houses to Full Remote Takeover

According to researchers at ESET, three different connected home hub systems, Fibaro Home Center Lite, Homematic Central Control Unit, and Elko’s eLAN-RF-003 contain serious bugs that could allow for unauthenticated remote code execution (RCE) as well as information disclosure and man-in-the-middle attacks. The home hubs are used to connect to

Read More
22 Apr 2020

RCE Exploit Released for IBM Data Risk Manager, No Patch Available

IBM has not yet patched four serious security vulnerabilities that lie in the IBM Data Risk Manager (IDRM). The vulnerabilities can lead to unauthenticated remote code execution (RCE), according to an analysis from Agile Information Security. A proof-of-concept exploit is also available for version 2.0.3. IDRM serves as a software

Read More
09 Apr 2020

Over 350,000 Exchange Servers Exposed to Serious RCE Bug

According to Rapid7, over 350,000 Exchange servers across the globe remain exposed to a critical vulnerability patched by Microsoft in February. The vulnerability is actively exploited in the wild, according to researchers, and over 82% of the 433,464 Exchange servers detected are still vulnerable as of March 24. The vulnerability,

Read More
05 Nov 2019

Critical Remote Code Execution Flaw Found in Open Source rConfig Utility

A security researcher has discovered two remote code execution vulnerabilities, one of which is deemed critical, in the open-source network configuration tool rConfig that thousands of network engineers are using to snapshots of more than 7 million network devices. The critical flaw, tracked as CVE-2019-16662, makes it possible for a

Read More
09 Oct 2019

Google October Android Security Update Fixes Critical RCE Flaws

Google has released patches for 28 security vulnerabilities, 11 of which where critical flaws, affecting the Android operating system. Three of the critical bugs are remote code execution (RCE) flaws that could be exploited by attackers to run arbitrary code on vulnerable devices. The RCE vulnerabilities, tracked as CVE-2019-2184, CVE-2019-2185

Read More
23 Jul 2019

Critical RCE Flaw in Palo Alto Gateways Hits Uber

Tenable researchers have uncovered a remote code-execution (RCE) flaw affecting the VPN software offered by Palo Alto Networks. The vulnerability, tracked as CVE-2019-1579, was inadvertently fixed in the latest versions of the software, even though the company was unaware of it at the time. However, older versions of the VPN

Read More