Collaborate Disseminate
A security researcher has published a PoC RCE exploit for SMBGhost (CVE-2020-0796), a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions. The PoC exploit is unreliable, but could be used by malicious attackers as a starting… Continue reading PoC RCE exploit for SMBGhost Windows flaw released
Among the vulnerabilities patched by Microsoft on May 2020 Patch Tuesday is CVE-2020-1048, a “lowly” privilege escalation vulnerability in the Windows Print Spooler service. The vulnerability did not initially get much public attention but,… Continue reading Fear the PrintDemon? Upgrade Windows to patch easily exploited flaw
Cisco has released another batch of fixes for a number of its products. Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS Director and Cisco UCS Director Express for Big Data, its unified infrastruc… Continue reading Using Cisco IP phones? Fix these critical vulnerabilities
After the inadvertent leaking of details about a wormable Windows SMBv3 RCE flaw (CVE-2020-0796) on Tuesday, Microsoft has rushed to release a patch (i.e., security updates). The flaw affects Windows 10 (versions 1903 and 1909) and Windows Server (1903… Continue reading Microsoft releases patch for leaked SMBv3 RCE flaw
For the third time in a year, Google has fixed a Chrome zero-day (CVE-2020-6418) that is being actively exploited by attackers in the wild. About CVE-2020-6418 No details have been shared about the attacks and about the flaw itself, apart from the shor… Continue reading Google fixes another Chrome zero-day exploited in the wild
Less than a month after the patching of a critical RCE flaw in OpenSMTPD, OpenBSD’s mail server, comes another call to upgrade to the latest version, as two additional security holes have been plugged. Discovered by Qualys researchers, one is a less se… Continue reading A new RCE in OpenSMTPD’s default install, patch available
Through 2022, 80% of supply chain blockchain initiatives will remain at a proof-of-concept (POC) or pilot stage, according to Gartner. One of the main reasons for this development is that early blockchain pilots for supply chain pursued technology-orie… Continue reading Benefits of blockchain pilot programs for risk management planning
Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week’s news wrap. Continue reading News Wrap: PoC Exploits, Cable Haunt and Joker Malware
Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability. Continue reading PoC Exploits Published For Microsoft Crypto Bug
Cisco has fixed 12 vulnerabilities in Cisco Data Center Network Manager (DCNM), a platform for managing Cisco switches and fabric extenders that run NX-OS, and has warned about a spike in exploitation attempts of an old flaw affecting Cisco Adaptive Se… Continue reading Cisco Data Center Network Manager flaws fixed, Cisco ASA appliances under attack