Category: Vulnerabilities


Threats & Malware, Vulnerabilities

Mozilla plugs critical Firefox zero-day used in targeted attacks

June 19, 2019

Via: Help Net Security

A critical Firefox zero-day remote code execution vulnerability is being abused in targeted attacks in the wild, Mozilla warned on Tuesday. About the vulnerability (CVE-2019-11707): Mozilla did not share many details about the flaw – it simply stated that […]


Vulnerabilities

Oracle Patches Another Remote Code Execution Flaw in WebLogic

June 19, 2019

Via: Security Week

The security hole, tracked as CVE-2019-2729 with a CVSS score of 9.8, impacts WebLogic versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. The flaw was independently reported to Oracle by nearly a dozen researchers. According to Oracle, the vulnerability exists due to a […]


Threats & Malware, Vulnerabilities

Linux servers under attack via latest Exim flaw

June 14, 2019

Via: Help Net Security

It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Amit Serper, Cybereason’s head of security research, warned on Thursday about attackers exploiting the flaw to gain permanent root access via SSH to target Linux […]


Vulnerabilities

High-Severity Cisco Flaw in IOS XE Enables Device Takeover

June 14, 2019

Via: Threat Post

Cisco has patched a high-severity vulnerability in its software for routers and switches, which could enable a remote attacker to reconfigure or execute commands on impacted devices. IOS XE, a Linux-based version of Cisco’s Internetworking Operating System (IOS), is software […]


Threats & Malware, Vulnerabilities

Evernote Chrome extension flaw could have allowed access to personal info

June 13, 2019

Via: Help Net Security

Guardio discovered a major flaw in Evernote’s Web Clipper Chrome extension’s code that left it vulnerable, potentially allowing threat actors to access personal information from users’ online services. The vulnerability, a Universal XSS marked CVE-2019-12592, was discovered as part of […]


Cyber-crime, Malware, Virus & Malware, Vulnerabilities

Malware Can Be Hidden in DICOM Medical Imaging Files, DHS Warns

June 12, 2019

Via: Security Week

An alert issued by the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) on the ICS-CERT website is based on a blog post published in mid-April by Cylera, a company that provides cybersecurity and intelligence solutions for healthcare organizations. Cylera’s […]


Threats & Malware, Vulnerabilities

Vulnerability in WordPress Live Chat Plugin allows to steal and hijack sessions

June 12, 2019

Via: Security Affairs

Experts at Alert Logic have discovered a vulnerability in the popular WordPress Live Chat plugin that could be exploited by an unauthorized remote attacker to steal chat logs or manipulate chat sessions. The critical vulnerability, tracked as CVE-2019-12498, is a […]


Cyber-crime, Email security, Malware, Security, Vulnerabilities

Microsoft Warns of Email Attacks Executing Code Using an Old Bug

June 11, 2019

Via: Threat Post

Microsoft is warning of a fresh email campaign that distributes malicious RTF files boobytrapped with an exploit dating back to a 2017 vulnerability, CVE-2017-11882. The exploit allows attackers to automatically run malicious code without requiring user interaction. “The CVE-2017-11882 vulnerability […]


Email security, Security, Threats & Malware, Vulnerabilities

Vulnerability Found in Millions of Email Systems

June 10, 2019

Via: Dark Reading

Security researchers at Qualys Common discovered a remote command execution vulnerability in older versions of mail transfer agent (MTA) Exim — a critical, open source piece of the email infrastructure in many organizations. An MTA functions much like a router […]


Threats & Malware, Vulnerabilities

VMware addressed flaws in its Workstation and Tools

June 7, 2019

Via: Security Affairs

VMware has patched two high-severity flaws that affect its Tools and Workstation software. The first security flaw, tracked as CVE-2019-5522, affects VMware Tools 10.x on Windows. The vulnerability is an out-of-bounds read issue in the vm3dmp driver in Windows guest […]