Stark warning from SANS' Johannes Ullrich - RCE's gonna GET 'ya Last week Oracle released one of its mammoth quarterly patch dumps - with 402 fixes. Well, it turns out that if you missed one and you're running WebLogic 10.3.6.0.0, 184.108.40.206.0, 220.127.116.11.0, 18.104.22.168.0 and 22.214.171.124.0, you've probably already been tagged by hackers.…
Code-execution bug has severity rating of 9.8 out of 10; little skill needed to exploit.
QNAP is urging users to update QTS to the latest version to secure their NAS devices from any potential attacks.
Cybercriminals are actively exploiting vulnerabilities in Cisco's carrier-grade routers in the wild.
Plus this Chrome one being exploited in the wild, we note The NSA has blown the lid off 25 computer security vulnerabilities Chinese government hackers are using to break into networks, steal data, and so on. The US super-spies said they went public with their list to help IT staff prioritize bug fixing. That is to say: if you're unsure of which patches to apply, do these first.…
Adobe issues out-of-band patches, too, for Photoshop, Illustrator, InDesign, After Effects, etc Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software.…
Versions 10.3.0 and lower of Hotspot Shield's Windows client are vulnerable to privilege escalation.
Zerologon vulnerability lets hackers access network crown jewels almost instantly.
A security researcher has publicly disclosed a vulnerability in SaferVPN after the company failed to credit his work.
Same mob promised not to target healthcare facilities The Doppelpaymer ransomware gang were behind the cyber-attack on a German hospital that allegedly led to one patient's death, according to local sources.…
CISA's warning comes a week after a working PoC was published
The post “Zerologon” Continues to Reverberate, as Gov’t Scrambles to Patch appeared first on Computer Business Review.
Now patched vulnerability could have allowed remote attackers to bypass the VPN client's kill switch.
Telecom kit maker points finger in the general direction of Middle Kingdom's complicated supply chain Hardware video encoders from multiple suppliers contain several critical security bugs that allow a remote unauthenticated miscreant to run arbitrary code on the equipment.…
Please just patch your infrastructure, begs US-CISA Where Chinese hackers exploit, Iranians aren’t far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.…
Beijing's snoops don't even need zero-days to break into valuable networks The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses.…
Zerologon lets anyone with a network toehold obtain domain-controller password.
Microsoft has released 129 updates to its Windows ecosystem, but the good news this month is that we are not responding to any zero-days or publicly reported vulnerabilities. Microsoft appears to be getting serious about removing Adobe Flash Player (a good thing) and we see a very broad update to Windows desktops and servers. Unusually, Microsoft’s browsers are not a huge focus this month, and both the Microsoft Office (excluding SharePoint) and development platform have received only a few, lower profile patches.[ Related: Microsoft revamps Windows Insider release vernacular ]
We have included a helpful infographic, which this month looks a little lopsided as all of the attention should be on Windows components.To read this article in full, please click here
Researchers have discovered a new vulnerability that affects dual-mode Bluetooth devices that support Bluetooth Classic and Bluetooth Low Energy.
Don't be so smug, Mac users, you're open to an InDesign project file A nightmare flaw for Exchange Server headlines this month's Patch Tuesday lineup from Microsoft and others.…
"... That doesn’t quite make it wormable, but it’s about the worst-case scenario for Exchange servers"
The post Patch Tuesday September Brings 129 Bugs, 23 Critical appeared first on Computer Business Review.