Vulnerabilities & Exploits
- June 20, 2019Oracle published an out-of-band security alert advisory on CVE-2019-2729, a zero-day deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services.
Critical Linux and FreeBSD Vulnerabilities Found by Netflix, Including One That Induces Kernel PanicJune 18, 2019A Netflix researcher uncovered four critical vulnerabilities — CVE-2019-11477, CVE-2019-11478, CVE-2019-5599, and CVE-2019-11479 — within the TCP implementations on Linux and FreeBSD kernels.
- June 14, 2019Two hacking groups have been spotted attacking vulnerable Exim email servers, trying to exploit CVE-2019-10149. One group uses a public internet server, and another a server on the dark web.
- May 31, 2019A security researcher, going by the handle SandboxEscaper, published an exploit code for a zero-day vulnerability in Windows' Task Scheduler utility. Here's what you need to know.
- May 29, 2019Almost a million systems are reportedly vulnerable to BlueKeep (CVE-2019-0708), a critical vulnerability in remote desktop services. Here are some best practices that can help defend against threats that may exploit it.
- May 15, 2019Researchers reported new side-channel attacks — ZombieLoad, Fallout, and Rogue In-Flight Data Load (RIDL) — that can leak data being processed by vulnerable Intel processors. Here's what you need to know.
- May 10, 2019Threat actors were found exploiting CVE-2018-1000861, a vulnerability in the Stapler web framework that is used by the Apache Jenkins open-source software development automation server with versions 2.153 and earlier.
CVE-2019-0211: Patched Apache HTTP Server Root Privilege Escalation Flaw, A Priority for Web Hosting ProvidersApril 05, 2019Attackers can exploit a vulnerability in Apache HTTP server to gain elevated privileges and complete control of a target machine.
- April 04, 2019Trend Micro researchers uncovered a new variant of the notorious Mirai malware that uses multiple exploits to target various routers and internet-of-things devices.