Apache patches Tomcat RCE vulnerability
The Apache Software Foundation has released new Apache Tomcat versions and mitigations to address a remote code execution (RCE) vulnerability.
Apache patches Tomcat RCE vulnerability Read More »
2019
VPN applications exposed to critical vulnerability
Multiple VPN applications are vulnerable to not properly encrypting sensitive data and insecurely storing session cookies.
VPN applications exposed to critical vulnerability Read More »
DragonBlood WPA3 vulnerabilities discovered
The Wi-Fi Alliance® issued a security update confirming the discovery of vulnerabilities in WPA3-Personal by security researchers. The vulnerabilities collectively dubbed “DragonBlood” is based on the underlying Dragonfly handshake used by WPA3.
DragonBlood WPA3 vulnerabilities discovered Read More »
Microsoft provides new details on WinRar bug exploits
Microsoft security researchers revealed additional details on how cyber attackers were able to exploit the 19 year old WinRar vulnerability last March.
Microsoft provides new details on WinRar bug exploits Read More »
Intel releases security updates for multiple products
Intel has released four security advisories to address vulnerabilities in multiple Intel products, to include Intel® Media SDK, Intel® Graphics Performance Analyzer for Linux, Microprocessor Memory Mapping and Intel® NUC.
Intel releases security updates for multiple products Read More »
Microsoft April 2019 Security Updates, patches two 0-days
Microsoft issued the April 2019 Security Updates that include 74 unique vulnerability fixes, 16 of them rated critical and two zero-days that were being actively exploited.
Microsoft April 2019 Security Updates, patches two 0-days Read More »
Samba fixes two security vulnerabilities
Samba has released fixes for two security vulnerabilities that impact Samba products. A remote attacker could take advantage of these bugs and exploit unpatched systems.
Samba fixes two security vulnerabilities Read More »
Xiaomi phone vulnerabilities found in pre-installed software
Check Point security researchers have discovered a vulnerability in security software that comes pre-installed in Xiaomi smartphones.
Xiaomi phone vulnerabilities found in pre-installed software Read More »
FIN6 intrusion links to LockerGoga and Ryuk ransomware
Researchers at FireEye have discovered links between the FIN6 cyber criminal group and LockerGoga and Ryuk ransomware used in recent cyber attacks.
FIN6 intrusion links to LockerGoga and Ryuk ransomware Read More »
Apache Web Server “Carpe Diem” vulnerability update
The Apache Foundation has patched a high severity privilege escalation vulnerability in Apache HTTP Server 2.4 (releases 2.4.17 to 2.4.38). Web servers should be patched as soon as possible since the bug could allow attackers a way to gain “root” or full admin access to server.
Apache Web Server “Carpe Diem” vulnerability update Read More »