vulnerability
Intel will not provide Spectre/Meltdown microcode updates for some processor families
Intel has decided not to provide microcode updates to plug Spectre and Meltdown vulnerabilities in a number of older processors. According to the last update (April 2, 2018) …
Critical vulnerability opens Cisco switches to remote attack
A critical vulnerability affecting many of Cisco’s networking devices could be exploited by unauthenticated, remote attackers to take over vulnerable devices or trigger …
Flaws in ManageEngine apps opens enterprise systems to compromise
Researchers have discovered multiple severe vulnerabilities in ManageEngine’s line of tools for internal IT support teams, which are used by over half of Fortune 500 …
AMD confirms processor flaws found by CTS Labs, firmware fixes are coming
Chipmaker AMD has confirmed that the vulnerabilities discovered by CTS Labs researchers earlier this month do affect a variety of its products, and that firmware patches …
Microsoft kicks off bounty program for speculative execution bugs
Microsoft wants security researchers to search for and report speculative execution side channel vulnerabilities (a hardware vulnerability class that affects CPUs from …
Dangerous CredSSP flaw opens door into corporate servers
A critical vulnerability in the Credential Security Support Provider protocol (CredSSP), introduced in Windows Vista and used in all Windows versions since then, can be …
Researchers find critical flaws in SecurEnvoy SecurMail, patch now!
If you’re a user of SecurEnvoy SecurMail and you haven’t yet implemented the latest patch, do so now – or risk getting your encrypted emails read by …
Vulnerable Apache Solr, Redis, Windows servers hit with cryptominers
Vulnerable servers of all kinds are being targeted, compromised and made to mine cryptocurrencies for the attackers. Apache Solr servers under attack SANS ISC handler Renato …
Exim vulnerability opens 400,000 servers to remote code execution
If you’re using the Exim mail transfer agent on your Internet-connected Unix-like systems and you haven’t yet upgraded to version 4.90.1, now is the time to do it …
New LTE attacks open users to eavesdropping, fake messages, location spoofing
A group of researchers has uncovered ten new attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals. The attacks exploit …
Phillips clinical imaging solution plagued by vulnerabilities
Phillips is developing a software update to mitigate 35 CVE-numbered vulnerabilities in the Philips IntelliSpace Portal (ISP), a clinical imaging visualization and analysis …
Trend Micro fixes serious vulnerabilities in Email Encryption Gateway
Trend Micro has plugged a bucketload of vulnerabilities in its Email Encryption Gateway, some of which can be combined to execute root commands from the perspective of a …