CVE-2019-11707, CVE-2019-11708: Multiple Zero-Day Vulnerabilities in Mozilla Firefox Exploited in the Wild
June 18, 2019
Security researchers discover two zero-day vulnerabilities in Mozilla Firefox used in targeted attacks. Editor’s Note: This blog was updated on June 20 to reflect additional information regardin...
Tenable Roundup for Microsoft's June 2019 Patch Tuesday
June 11, 2019
The SandboxEscaper privilege escalation bugs are among the nearly 90 vulnerabilities patched in Microsoft’s June 2019 Security Updates. Here’s what you need to know. Microsoft’s June 2019 Securi...
CVE-2019-10149: Critical Remote Command Execution Vulnerability Discovered In Exim
June 6, 2019
Researchers discover critical remote command execution vulnerability in older versions of Exim. Over 4.1 million systems are potentially vulnerable to local exploitation and remote exploitation is pos...
SandboxEscaper: Local Privilege Escalation Bugs Including Four Zero-Day Vulnerabilities Disclosed
May 23, 2019
Five vulnerabilities, including four zero-day vulnerabilities, have been disclosed in Windows Task Scheduler, Windows Error Reporting, Internet Explorer 11, Microsoft Edge and Windows Installer, which...
Microarchitectural Data Sampling: Speculative Execution Side-Channel Vulnerabilities Found in Intel CPUs
May 15, 2019
Researchers disclose speculative execution side-channel attacks named ZombieLoad, RIDL and Fallout in Intel Central Processing Units (CPUs). Background: On May 14, public disclosures from multiple re...
Critical 'BlueKeep' Vulnerability CVE-2019-0708 Addressed in Patch Tuesday Updates
May 14, 2019
Microsoft has released its May 2019 Security Updates, which include a fix for BlueKeep (CVE-2019-0708), a critical remote code execution vulnerability affecting the Remote Desktop Service. Backgroun...
Thrangrycat: Vulnerabilities in Cisco Secure Boot and Cisco IOS XE (CVE-2019-1649, CVE-2019-1862)
May 14, 2019
Researchers identify vulnerabilities in the Cisco Secure Boot process and Cisco IOS XE devices that could reportedly be chained together for significant impact. Background: On May 13, Cisco published two...
CVE-2019-5021: Hard-Coded NULL root Password Found in Alpine Linux Docker Images
May 9, 2019
A hard-coded NULL root user password vulnerability was found in Alpine Linux Docker Images from December 2015’s 3.3 version onward. Users are encouraged to disable the root user, or any services that ...
CVE-2019-3396: Vulnerability in Atlassian Confluence Widget Connector Exploited in the Wild
April 30, 2019
Attackers are targeting vulnerable Confluence instances after the company published a fix for the vulnerability back in March 2019. Background: On March 20, Atlassian published a Confluence Security Advi...
Oracle WebLogic Affected by Unauthenticated Remote Code Execution Vulnerability (CVE-2019-2725)
April 26, 2019
Oracle WebLogic is vulnerable to a new deserialization vulnerability that could allow an attacker to execute remote commands on vulnerable hosts. Update May 3, 2019: The solution section below has be...
Sea Turtle DNS Hijacking Campaign Utilizes At Least Seven Patched Vulnerabilities
April 19, 2019
The Sea Turtle campaign exploits seven patchable vulnerabilities dating from 2009 to 2018 to breach organizations and hijack their DNS name records. Background: On April 17, researchers at Cisco’s Ta...
Oracle Critical Patch Update For April Contains 297 Fixes
April 17, 2019
Oracle fixes nearly 300 vulnerabilities in second Critical Patch Update for 2019, including bugs in WebLogic, Java SE and several product components. Background: On April 16, Oracle released its Crit...