MS Office zero-day is used to infect millions of users with Dridex
The still unpatched MS Office zero-day vulnerability publicized by McAfee and FireEye researchers this weekend is being exploited to deliver the infamous Dridex banking …
exploit
Exploit revealed for remote root access vulnerability affecting many router models
Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco …
MS Office zero-day exploited in attacks – no enabling of macros required!
A new zero-day flaw affecting all versions of Microsoft Office is being exploited in attacks in the wild, and no user is safe – not even those who use a fully patched …
How attackers exploit whitelists
If there is a technology or security measure that can help organizations protect their assets from attackers or malware, you can be sure that attackers will try to find a way …
Actively exploited zero-day in IIS 6.0 affects 60,000+ servers
Microsoft Internet Information Services (IIS) 6.0 sports a zero-day vulnerability (CVE-2017-7269) that was exploited in the wild last summer and is likely also being exploited …
Medical washer-disinfector appliance’s web server open to attack
Here’s a string of words that you probably never thought you’ll hear: An Internet-connected washer-disinfector appliance by German manufacturer Miele sports a …
Hijacking Windows user sessions with built-in command line tools
Did you know that by using built-in command line tools, any user with system rights and permissions (usually a local administrator) can hijack the session of any logged-in …
Unpatched flaw opens Ubiquiti Networks devices to compromise
A critical vulnerability in many of Ubiquiti Networks’ networking devices can be exploited by attackers to take over control of the device and, if that device acts as a …
By the end of March no one will remember that Microsoft missed a Patch Tuesday
Like the weather in Minnesota, the March Patch Forecast is unpredictable at best. Be prepared for turbulent times interspersed with moments of calm. Will March Patch Tuesday …
Apache servers under attack through easily exploitable Struts 2 flaw
A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. System administrators are …
