SANS ISC

Critical Exim flaw exploitable locally and remotely, patch ASAP!

June 7, 2019

A critical vulnerability in Exim, the mail transfer agent (MTA) deployed on over half of all Internet-facing mail servers, may allow attackers to run commands as the …

Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent

November 21, 2018

Adobe has released a Flash Player update that plugs a critical vulnerability (CVE-2018-15981) that could lead to remote code execution, and is urging users to implement it as …

Apache Struts 2.3.x vulnerable to two year old RCE flaw

November 6, 2018

The Apache Software Foundation is urging users that run Apache Struts 2.3.x to update the Commons FileUpload library to close a serious vulnerability that could be exploited …

Access misconfiguration opens 3D printers to remote attacks

September 5, 2018

Spurred by a report coming from a regular reader, SANS ISC handlers Richard Porter and Xavier Mertens searched for OctoPrint interfaces for 3D printers exposed online and …

New Drupal RCE vulnerability under active exploitation, patch ASAP!

April 26, 2018

Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is …

What patches to prioritize following the April 2018 Patch Tuesday?

April 11, 2018

Patch Tuesday came and went and, as usual, Microsoft and Adobe have released patches/security updates for vulnerabilities affecting a wide variety of their products. …

Vulnerable Apache Solr, Redis, Windows servers hit with cryptominers

March 9, 2018

Vulnerable servers of all kinds are being targeted, compromised and made to mine cryptocurrencies for the attackers. Apache Solr servers under attack SANS ISC handler Renato …