Vulnerabilities & Exploits
- 29 de julio de 2019Hackers use fileless threats to take advantage of existing applications and attack systems. Here we discuss noteworthy events, techniques, and best practices that can help identify fileless threats and defend against attacks.
- 23 de julio de 2019The US Department of Education released a security advisory on ERP vulnerabilities after 62 institutions were infiltrated, stealing students' IDs to create fake accounts.
- 19 de julio de 2019A quick review of some of the most destructive cyberattacks and data breaches over the past few years show just how much damage unpatched vulnerabilities can inflict on an organization.
- 10 de julio de 2019Two vulnerabilities, assigned CVE-2019-9629 and CVE-2019-9630, were uncovered in Sonatype’s Nexus Repository Manager (NXRM) — an open-source governance platform used by DevOps professionals.
- 26 de junio de 2019Kubernetes announced the discovery of CVE-2019-11246, a high-severity vulnerability affecting the command-line interface kubectl, during an ongoing third-party security audit.
- 21 de junio de 2019Dell urges users to update the vulnerable SupportAssist tool built into its business and home machines. The privilege escalation vulnerability could allow hackers control over Dell computers running Windows, if left unpatched.
- 20 de junio de 2019Oracle published an out-of-band security alert advisory on CVE-2019-2729, a zero-day deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services.
- 18 de junio de 2019A Netflix researcher uncovered four critical vulnerabilities — CVE-2019-11477, CVE-2019-11478, CVE-2019-5599, and CVE-2019-11479 — within the TCP implementations on Linux and FreeBSD kernels.
- 14 de junio de 2019Two hacking groups have been spotted attacking vulnerable Exim email servers, trying to exploit CVE-2019-10149. One group uses a public internet server, and another a server on the dark web.