Microsoft patched the flaws allowing leaked Windows exploits to work
Microsoft has patched the vulnerabilities that allowed nine of the exploits released by the Shadow Brokers on Friday to work, and said that of the three remaining exploits, …
MS Office zero-day is used to infect millions of users with Dridex
The still unpatched MS Office zero-day vulnerability publicized by McAfee and FireEye researchers this weekend is being exploited to deliver the infamous Dridex banking …
Exploit revealed for remote root access vulnerability affecting many router models
Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco …
MS Office zero-day exploited in attacks – no enabling of macros required!
A new zero-day flaw affecting all versions of Microsoft Office is being exploited in attacks in the wild, and no user is safe – not even those who use a fully patched …
How attackers exploit whitelists
If there is a technology or security measure that can help organizations protect their assets from attackers or malware, you can be sure that attackers will try to find a way …
Actively exploited zero-day in IIS 6.0 affects 60,000+ servers
Microsoft Internet Information Services (IIS) 6.0 sports a zero-day vulnerability (CVE-2017-7269) that was exploited in the wild last summer and is likely also being exploited …
Medical washer-disinfector appliance’s web server open to attack
Here’s a string of words that you probably never thought you’ll hear: An Internet-connected washer-disinfector appliance by German manufacturer Miele sports a …
Hijacking Windows user sessions with built-in command line tools
Did you know that by using built-in command line tools, any user with system rights and permissions (usually a local administrator) can hijack the session of any logged-in …
Unpatched flaw opens Ubiquiti Networks devices to compromise
A critical vulnerability in many of Ubiquiti Networks’ networking devices can be exploited by attackers to take over control of the device and, if that device acts as a …
By the end of March no one will remember that Microsoft missed a Patch Tuesday
Like the weather in Minnesota, the March Patch Forecast is unpredictable at best. Be prepared for turbulent times interspersed with moments of calm. Will March Patch Tuesday …
Apache servers under attack through easily exploitable Struts 2 flaw
A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. System administrators are …
Researchers bypass ASLR protection with simple JavaScript code
A group of researchers from the Systems and Network Security Group at VU Amsterdam have discovered a way to bypass address space layout randomization (ASLR) protections of …
Featured news
Sponsored
Don't miss
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)
- May 2024 Patch Tuesday forecast: A reminder of recent threats and impact
- How secure is the “Password Protection” on your files and drives?
- F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)
- Zscaler swats claims of a significant breach