Microsoft Patch Tuesday fixes 3 exploited zero-days and 77 others
Microsoft's February 2023 Patch Tuesday landed on Valentine's Day and brought security updates that fixed three actively exploited zero-day vulnerabilities and about 77 other flaws. Of the 77, nine have been classified as 'Critical' because they allow remote code execution on affected devices.
Cybercriminals exploit critical vulnerabilities in Veeam Backup
Security company CloudSEK revealed three critical vulnerabilities in Veeam Backup & Replication, one of the most popular backup solutions. The vulnerabilities have been exploited by multiple cybercriminals.
Organizations that use the most recent version of Backup & Replication are safe....
New Spring Java framework vulnerability could be next Log4Shell
The zero-day vulnerability allows remote code execution.
A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, according to a report in Bleeping Computer. The vulnerability allows unauthenticated remote code execution on applications.
Vulnerability in Apache Cassandra opens door for remote code execution
Security specialist JFrog warns of a bug in Apache Cassandra's Nashorn engine that allows remote code execution in affected systems.
Apache Cassandra is an open-source distributed NoSQL database management system for handling large amounts of data on standard servers. The system, originally deve...
Red Hat Linux, SUSE Linux and Ubuntu are vulnerable to RCE attacks
A serious vulnerability in network protocol Samba makes Linux servers vulnerable to RCE attacks (remote code execution). Samba is incorporated into Red Hat Linux, SUSE Linux and Ubuntu. Servers with outdated distros are at risk.
Network protocol Samba is used by various platforms for file sharin...
600,000 WordPress websites threatened by critical RCE vulnerability
Multiple versions of WordPress plugin 'Essential Addons for Elementor' are vulnerable to remote code execution (RCE). The plugin is used by hundreds of thousands of websites. The vulnerability is present in every version prior to 5.0.5.
Its attack surface is huge. According to WordPress, the plu...
Apple warns of actively exploited zero-day vulnerability on Macs
Apple has warned iPhone and Mac users that it is aware of a zero-day bug under active exploit. The company thanked Google for spotting the bug, assigned CVE-2021-30869, which the world's largest ad company seems to have noticed since it impacts the WebKit browser engine.
It is a serious flaw, as...
Systems with Apache OpenOffice are vulnerable to malicious documents
Apache OpenOffice is currently vulnerable to a remote code execution flaw. The app’s source code has been patched but the fix is only available as beta software, awaiting the official release.
That means that people running the open-source office suite, which has been downloaded hundreds of mi...
Microsoft’s Patch Tuesday contained fixes for a zero-day bug and OMI
Among the 60 security fixes and updates Microsoft released on Patch Tuesday (14 September) was a fix resolving a remote code execution problem in MSHTML.
The products affected by the September security update include Azure Sphere, Azure Open Management, PowerPoint, Office Excel, Access, Word,...
Vulnerability in popular JavaScript NPM library
After a severe remote code execution vulnerability was found in the popular NPM code library called Pac-Resolver, an update was released to patch it up. Developers who have used the package in their applications should make sure they update their dependencies to eliminate the bug.
They should al...