Microsoft releases patch for leaked SMBv3 RCE flaw

After the inadvertent leaking of details about a wormable Windows SMBv3 RCE flaw (CVE-2020-0796) on Tuesday, Microsoft has rushed to release a patch (i.e., security updates). The flaw affects Windows 10 (versions 1903 and 1909) and Windows Server (1903…

Google fixes another Chrome zero-day exploited in the wild

For the third time in a year, Google has fixed a Chrome zero-day (CVE-2020-6418) that is being actively exploited by attackers in the wild. About CVE-2020-6418: No details have been shared about the attacks and about the flaw itself, apart from the shor…

A new RCE in OpenSMTPD’s default install, patch available

Less than a month after the patching of a critical RCE flaw in OpenSMTPD, OpenBSD’s mail server, comes another call to upgrade to the latest version, as two additional security holes have been plugged. Discovered by Qualys researchers, one is a less se…

Benefits of blockchain pilot programs for risk management planning

Through 2022, 80% of supply chain blockchain initiatives will remain at a proof-of-concept (POC) or pilot stage, according to Gartner. One of the main reasons for this development is that early blockchain pilots for supply chain pursued technology-orie…

News Wrap: PoC Exploits, Cable Haunt and Joker Malware

Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week’s news wrap.

Cisco Data Center Network Manager flaws fixed, Cisco ASA appliances under attack

Cisco has fixed 12 vulnerabilities in Cisco Data Center Network Manager (DCNM), a platform for managing Cisco switches and fabric extenders that run NX-OS, and has warned about a spike in exploitation attempts of an old flaw affecting Cisco Adaptive Se…

Apache Solr RCEs with public PoCs could soon be exploited

Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server. One – CVE-2019-12409 – has already been patched, while the other – currently without a CVE number …

PHP RCE flaw actively exploited to pop NGINX servers

A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets has confirmed. For a successful exploitation, target servers must have the PHP-FPM (…

Researcher releases PoC rooting app that exploits recent Android zero-day

Late last month Google Project Zero researcher Maddie Stone detailed a zero-day Android privilege escalation vulnerability (CVE-2019-2215) and revealed that it is actively being exploited in attacks in the wild. She also provided PoC code that could he…