Microsoft solves critical error older Windows versions with updates
Microsoft has released updates to resolve a critical vulnerability in Remote Desktop Services that affect a number of older versions of Windows. The vulnerability could spread in a similar way as WannaCry did in 2017, says the company in a blog post.
Specifically, it concerns a Remote Code Executio... Read more
Security researchers find serious equipment leakage Cisco
Cisco devices have been affected by a serious vulnerability. Red Balloon security researchers discovered the problem in 2018, but have now announced it. For the vast majority of the affected devices, it will take months before the problem can be solved.
The problem is called Thrangrycat and uses an ... Read more
Vulnerability in WhatsApp had hackers install spyware on phones
Hackers could inject commercial spyware developed by the Israeli company NSO Group into phones through a vulnerability in WhatsApp chat app. That's what The Financial Times reports. WhatsApp, a subsidiary of Facebook, discovered the vulnerability in early May.
At the beginning of this month, the co... Read more
Enterprise networks are at risk from vulnerabilities in a hundred Jenkins plug-ins
Viktor Gazdag, security consultant at the NCC Group, has found and reported vulnerabilities in over 100 different Jenkins plug-ins over the past 18 months. Gazdag has informed developers, but many plugins haven't gotten a fix yet.
The Jenkins team has published ten security advisories on vulnerabil... Read more
“50,000 enterprises running SAP software may be vulnerable to exploits.
Up to 50,000 enterprises using SAP solutions may be vulnerable to cyber-attacks due to new exploits focusing on configuration errors in the software. That's what security researchers at Onapsis Research Labs say.
Exploits called 10KBlaze focus on two technical components of SAP Software. The exploi... Read more
Cisco warns of critical error in ASR 9000 Series routers
Cisco has announced 29 new vulnerabilities and is alerting customers using ASR 9000 Series Aggregation Services Routers about a critical failure. The vulnerability can be exploited remotely, without the need for a password. The error will be solved with an update.
The ASR error is called CVE-2019-17... Read more
Zero-day in Internet Explorer lets hackers steal files from Windows PCs
Security researcher John Page has published details and a proof-of-concept about a zero-day in Internet Explorer. With the error, hackers can steal files from Windows systems.
The vulnerability lies in the way Internet Explorer processes MHT files, writes ZDNet. MHT stands for MHTML Web Archive and... Read more
US warns of security flaws in enterprise VPN apps
According to Homeland Security's cyber security department in America, several enterprise VPN apps are vulnerable to a security failure that allows a remote attacker to break into a company's internal network.
The Cybersecurity and Infrastructure Security Agency of the United States has published a ... Read more
Leak in Google Chrome shows problems in Google’s patch process
István Kurucsai, security researcher for Exodus Intelligence, has published proof-of-concept code for a vulnerability in Google Chrome that has not yet been plugged. The researcher wants to show that there are problems with Google's patch process.
The vulnerability - a remote code execution error... Read more
Bug in Apache server gives attackers root access in shared host environments
The Apache HTTP Server - the most widely used Web server on the Internet - has closed a serious vulnerability that has allowed unfamiliar users or software to gain unlimited control over the machine on which the software runs.
The vulnerability, called CVE-2019-0211, is a local privilege escalation... Read more