vulnerability
Critical ManageEngine ADSelfService Plus RCE flaw patched
A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands …
Researchers flag two zero-days in Windows Print Spooler
In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach …
TeamViewer flaw could be exploited to crack users’ password
A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further …
Security analysis of legacy programming environments reveals critical flaws
New research from Trend Micro highlights design flaws in legacy languages and released new secure coding guidelines. These are designed to help Industry 4.0 developers greatly …
Meetup vulnerabilities enabled group takeovers, payment redirections
Two high-risk vulnerabilities in Meetup, a popular online service that’s used to create groups that host local in-person events, allowed attackers to easily take over …
Bug in widely used bootloader opens Windows, Linux devices to persistent compromise
A vulnerability (CVE-2020-10713) in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have …
Researchers find critical RCE vulnerabilities in industrial VPN solutions
Critical vulnerabilities in several industrial VPN implementations for remotely accessing operational technology (OT) networks could allow attackers to overwrite data, execute …
Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data
An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by …
Adobe out-of-band security updates for Photoshop, Prelude, Bridge
A week after July 2020 Patch Tuesday, Adobe has released out-of-band security updates to fix thirteen vulnerabilities – twelve of which critical – in Adobe …
20,000+ new vulnerability reports predicted for 2020, shattering previous records
Over 9,000 new vulnerabilities have been reported in the first six months of 2020, and we are on track to see more than 20,000 new vulnerability reports this year — a new …
Details and PoC for critical SharePoint RCE flaw released
Last week, a “wormable” remote code execution flaw in the Windows DNS Server service (CVE-2020-1350) temporarily overshadowed all the other flaws patched by Microsoft on July …
Internet security is improving, but exposures still run rampant
Rapid7’s research found that the security of the internet overall is improving. The number of insecure services such as SMB, Telnet, rsync, and the core email protocols, …
Featured news
Resources
Don't miss
- Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
- The Zoom attack you didn’t see coming
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- The UK’s phone theft crisis is a wake-up call for digital security
- Securing digital products under the Cyber Resilience Act