CVE-2019-0708: BlueKeep Exploits Could Be Around the Corner
August 1, 2019Nearly 80 days after the announcement of BlueKeep, threats of exploitation remain. Those who have not patched remain at risk as rumors of exploit scripts surface. Background In May 2019, Microsoft r...
Critical Vulnerabilities Dubbed URGENT/11 Place Devices Running VxWorks at Risk of RCE Attacks
July 29, 2019Eleven vulnerabilities, including RCEs, denials of service, information leaks and logical flaws, were recently disclosed, impacting the RTOS VxWorks Background The Armis Research Team has released a...
WatchBog Malware Adds BlueKeep Scanner (CVE-2019-0708), New Exploits (CVE-2019-10149, CVE-2019-11581)
July 25, 2019Scanner for “BlueKeep” vulnerability and newly minted exploits for Exim and Jira incorporated into cryptocurrency mining malware. Background On July 24, researchers at Intezer published a blog ...
CVE-2019-12815: Improper Access Control Vulnerability in ProFTPD Disclosed
July 23, 2019Popular open source FTP daemon affected by an improper access control vulnerability dating back to 2010 Background On July 18, Tobias Mädel published an advisory for an improper access control ...
CVE-2019-1579: Critical Pre-Authentication Vulnerability in Palo Alto Networks GlobalProtect SSL VPN Disclosed
July 19, 2019Researchers disclose a critical vulnerability in Palo Alto GlobalProtect SSL VPN solution used by many organizations. Background On July 17, researchers Orange Tsai and Meh Chang published a blog ab...
Oracle Critical Patch Update for July Contains 265 Fixes
July 16, 2019Oracle fixes 265 vulnerabilities in July’s Critical Patch Update. Background On July 16, Oracle released its Critical Patch Update (CPU) for July 2019 as part of its quarterly release of fixes...
CVE-2019-11580: Proof-of-Concept for Critical Atlassian Crowd Remote Code Execution Vulnerability Now Available
July 15, 2019A proof-of-concept for critical Atlassian Crowd vulnerability patched on May 22 is now available. Background On July 14, security researcher Corben Leo published a blog detailing the analysis of a r...
CVE-2019-11581: Critical Template Injection Vulnerability in Atlassian Jira Server and Data Center
July 11, 2019Vulnerability introduced nearly eight years ago could lead to remote code execution on vulnerable Jira Server and Data Center systems. Background On July 10, Atlassian published Security Advisory 20...
Multiple Vulnerabilities Found in Citrix SD-WAN Center and SD-WAN Appliances
July 11, 2019Tenable Research has discovered multiple critical vulnerabilities in both Citrix SD-WAN Center and the SD-WAN appliance itself that could allow a remote, unauthenticated attacker to compromise the und...
Unauthorized Call and Webcam Access Vulnerability in Zoom Mac Client (CVE-2019-13450)
July 10, 2019A zero-day vulnerability in Zoom could potentially lead to a remote code execution attack. Here’s what you need to know. Background Security researcher Jonathan Leitschuh has disclosed a zero d...
Microsoft’s July 2019 Patch Tuesday: What You Need to Know
July 9, 2019Microsoft’s July 2019 Security Updates were released on July 9, with nearly 80 vulnerabilities patched in this update, 15 of which are critical. CVE-2019-0865 | SymCrypt Denial of Service Vulner...
CVE-2019-2729: Oracle Releases Out-of-Band Patch for WebLogic Server Deserialization Vulnerability
June 19, 2019Out-of-band security advisory addresses second Oracle WebLogic Server vulnerability in two months. Background On June 18, Oracle published an out-of-band security advisory to address a critical vuln...