RCE – WindowsTechs.com

This Week in Security: Curl Reveal, Rapid Reset DDoS, and Libcue

Posted on October 13, 2023 by Jonathan Bennett

Curl gave us all a big warning that a severe security problem had been found in that code-base. Given the staggering number of Curl installs around the world, we held …read more Continue reading This Week in Security: Curl Reveal, Rapid Reset DDoS, and Libcue→

JetBrains Patches Severe TeamCity Flaw Allowing RCE and Server Hijacking

Posted on September 27, 2023 by Deeba Ahmed

By Deeba Ahmed
JetBrains has fixed this flaw in version 2023.05.4 of the product released on September 18. It also released a security advisory but didn’t disclose technical details of the vulnerability for now.
This is a post from HackRead.com Read t… Continue reading JetBrains Patches Severe TeamCity Flaw Allowing RCE and Server Hijacking→

Siemens ALM 0-Day Vulnerabilities Posed Full Remote Takeover Risk

Posted on September 21, 2023 by Waqas

By Waqas
Tel Aviv-based firm OTORIO’s cybersecurity research team identified and reported these vulnerabilities.
This is a post from HackRead.com Read the original post: Siemens ALM 0-Day Vulnerabilities Posed Full Remote Takeover Risk
Continue reading Siemens ALM 0-Day Vulnerabilities Posed Full Remote Takeover Risk→

AXIS A1001 Network Door Controller Flaw Exposes Secure Facilities

Posted on July 27, 2023 by Deeba Ahmed

By Deeba Ahmed
The new discovery could have far-reaching implications for Physical Access Control Systems and sensitive facilities.
This is a post from HackRead.com Read the original post: AXIS A1001 Network Door Controller Flaw Exposes Secure Facilities
Continue reading AXIS A1001 Network Door Controller Flaw Exposes Secure Facilities→

Zero-Day in QNAP QTS Affects NAS Devices Globally

Posted on July 17, 2023 by Deeba Ahmed

By Deeba Ahmed
QNAP has released fixes for the zero-day vulnerability, so it’s important to install them immediately.
This is a post from HackRead.com Read the original post: Zero-Day in QNAP QTS Affects NAS Devices Globally
Continue reading Zero-Day in QNAP QTS Affects NAS Devices Globally→

Ghostscript bug could allow rogue documents to run system commands

Posted on July 4, 2023 by Paul Ducklin

Even if you’ve never heard of the venerable Ghostscript project, you may have it installed without knowing. Continue reading Ghostscript bug could allow rogue documents to run system commands→

ASUS warns router customers: Patch now, or block all inbound requests

Posted on June 20, 2023 by Paul Ducklin

“Do as we say, not as we do!” – The patches took ages to come out, but don’t let that lure you into taking ages to install them. Continue reading ASUS warns router customers: Patch now, or block all inbound requests→

PaperCut security vulnerabilities under active attack – vendor urges customers to patch

Posted on April 25, 2023 by Paul Ducklin

If you have the product, but you haven’t patched – well, the crooks have now landed, so please don’t delay. Do it today… Continue reading PaperCut security vulnerabilities under active attack – vendor urges customers to patch→

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

Posted on April 10, 2023 by Paul Ducklin

That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices – patch now! Continue reading Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads→

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

Posted on March 17, 2023 by Paul Ducklin

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation. Continue reading Dangerous Android phone 0-day bugs revealed – patch or work around them now!→