19 Dec 2019

Microsoft Issues Out-of-Cycle SharePoint Update

Microsoft recently released an out-of-cycle update that patched previously undisclosed vulnerabilities that allowed an attacker to bypass validation and request credentials from the recipient. The update fixes this flaw, which could ultimately result in highly effective phishing messages. The phishing emails would come from within the victim’s organization, making them

17 Dec 2019

One in every 172 active RSA certificates are vulnerable to attack

On Saturday, a team of researchers from Keyfactor presented a vulnerability that they discovered in RSA certificates that could compromise one in every 172 certificates in use. The team presented their findings at the First IEEE Conference in Los Angeles, California. RSA certificates serve as public-key certificates, using cryptographic algorithms

09 Dec 2019

VMware Patches ESXi Vulnerability That Earned Hacker $200,000

On Thursday, VMware informed customers that it has released an updated version of its software that has patched a vulnerability that allowed for critical remote code execution in ESXi, which was exposed at China’s Tianfu Cup hacking competition earlier this month. The exploit, which only took 24 seconds to execute

21 Nov 2019

Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin

WordPress website admins and owners are encouraged to immediately apply the Jetpack 7.9.1 critical security update. Vulnerabilities in Jetpack that could leave websites subject to attack have existed since Jetpack 5.1. Jetpack is a popular WordPress plugin that features security, performance and site management services including malware scanning and brute-force

19 Sep 2019

Windows Defender malware scans are failing after a few seconds

The latest version of Windows Defender, the built-in anti-malware solution of Windows 10, is affected by a bug that causes Quick or Full scans to stop running after inspecting only a few files. The flaw is the result of a recent patch issued by Microsoft to solve another issue. It

09 Aug 2019

Steam Zero-Day Vulnerability Affects Over 100 Million Users

Security researchers have discovered a zero-day privilege escalation flaw in Steam, a highly popular video game distribution platform by Valve. While the vulnerability could pose a serious risk to the more than 100 million Steam users, Valve dismissed the issue when it was disclosed to the firm. The researcher who

09 Aug 2019

Decade-old remote code execution bug found in phones used by Fortune 500

Researchers with McAfee have discovered a critical security flaw in the firmware of the Avaya 9600 series IP desk phone that is used by enterprises, including Fortune 500 companies. The vulnerability can allow threat actors to remotely execute code on phones with the highest privileges. The remote code execution (RCE)

22 Jul 2019

Over 60 US Colleges Compromised by ERP Exploit

A major vulnerability in popular enterprise resource planning (ERP) software has enabled threat actors to compromise at least 62 colleges in the United States, the US Department of Education recently warned. A NIST advisory states that the flaw, tracked as CVE-2019-8978, impacts Ellucian Banner ERP and “allows remote attackers to

29 May 2019

One Million Devices Open to Wormable Microsoft BlueKeep Flaw

A recent analysis by Errata Security found that nearly one million devices remain vulnerable to the highly critical BlueKeep security flaw that could be used by threat actors to carry out a massive attack involving a worm, i.e. self-replicating malicious code. The vulnerability, tracked as CVE-2019-0708, impacts Remote Desktop Protocol

11 Apr 2019

Mailgun hacked part of massive attack on WordPress sites

Threat actors on Wednesday launched a massive hacking campaign targeting WordPress websites that use the Yuzo Related Posts plugin, a recently discontinued plugin that is vulnerable to a cross-site scripting (XSS) attack. The flaw allows attackers to inject malicious code into legitimate websites that will cause users to get redirected
