Google discloses actively exploited Windows zero-day (CVE-2020-17087)
Google researchers have made public a Windows kernel zero day vulnerability (CVE-2020-17087) that is being exploited in the wild in tandem with a Google Chrome flaw …
Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)
A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle …
Are your domain controllers safe from Zerologon attacks?
CVE-2020-1472, a privilege elevation vulnerability in the Netlogon Remote Protocol (MS-NRPC) for which Microsoft released a patch in August, has just become a huge liability …
Potential Apache Struts 2 RCE flaw fixed, PoCs released
Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability …
Exploits for vBulletin zero-day released, attacks are ongoing
The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has …
Critical ManageEngine ADSelfService Plus RCE flaw patched
A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands …
Researchers flag two zero-days in Windows Print Spooler
In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach …
Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data
An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by …
Details and PoC for critical SharePoint RCE flaw released
Last week, a “wormable” remote code execution flaw in the Windows DNS Server service (CVE-2020-1350) temporarily overshadowed all the other flaws patched by Microsoft on July …
PoC RCE exploit for SMBGhost Windows flaw released
A security researcher has published a PoC RCE exploit for SMBGhost (CVE-2020-0796), a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions. The PoC …
Fear the PrintDemon? Upgrade Windows to patch easily exploited flaw
Among the vulnerabilities patched by Microsoft on May 2020 Patch Tuesday is CVE-2020-1048, a “lowly” privilege escalation vulnerability in the Windows Print …
Using Cisco IP phones? Fix these critical vulnerabilities
Cisco has released another batch of fixes for a number of its products. Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS …