October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug

There were 11 critical bugs and six that were unpatched but publicly known in this month’s regularly scheduled Microsoft updates.

Remotely crashing a PC by only visiting a website? Is this an at least 6 year old WebGL bug?

http://hunger.hu/webgl.html
WARNING: only visit this website if you don’t mind crashing your PC!
So how is this possible? The website dates back to 2014! It is 2020 and only visiting a website causes it to crash?
backup links for the h…

Microsoft Exchange Servers Still Open to Actively Exploited Flaw

Despite Microsoft issuing patches almost eight months ago, 61 percent of Exchange servers are still vulnerable.

IBM Spectrum Protect Plus Security Open to RCE

Two bugs (CVE-2020-4703 and CVE-2020-4711) in IBM’s Spectrum Protect Plus data-storage protection solution could enable remote code execution.

Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems

Researchers warn of critical vulnerabilities in a third-party industrial component used by top ICS vendors like Rockwell Automation and Siemens.

Microsoft’s Patch Tuesday Packed with Critical RCE Bugs

The most concerning of the disclosed bugs would allow an attacker to take over Microsoft Exchange just by sending an email.

Router vendor has patched some zero-days, but leaves others wide open

In April, security researcher Rich Mirch got a text from a friend who had just switched to a new wireless router and was raving about its high-speed internet. You have to try it, the friend told Mirch. Curious, Mirch downloaded the router’s firmware and started picking it apart. He found that the device, made by an obscure Canada-based company called MoFi Network, had multiple password-related vulnerabilities packed into its code. But Mirch wanted to delve deeper. So the senior adversarial engineer at Texas-based security firm CriticalStart ordered the router online and rolled up his sleeves. He ended up finding 10 previously undisclosed vulnerabilities in the device that, if exploited, could allow attackers to steal passwords and data from networks running the vulnerable routers, including VPN credentials and API keys. “Some of these vulnerabilities have probably existed since 2015,” said Mirch, who published his findings on Wednesday. The research points to a longstanding […]

The post Router vendor has patched some zero-days, but leaves others wide open appeared first on CyberScoop.

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Two flaws – one of them yet to be fixed – are afflicting a third-party plugin used by Magento e-commerce websites.