Adobe Flash Vulnerability Can Lead to Code Execution and Asset Takeover (CVE-2018-15982)
December 5, 2018Adobe has issued an out-of-band advisory for CVE-2018-15982. Through the use of a maliciously crafted RAR file, an attacker exploiting this vulnerability can take over the machine of users that run it...
Kubernetes Privilege Escalation Vulnerability Publicly Disclosed (CVE-2018-1002105)
December 4, 2018Patches are available for a critical privilege escalation flaw (CVE-2018-1002105) in the open-source container orchestration system, Kubernetes. Background On December 3, details about a privilege...
Adobe Issues Out-of-Band Patch for Critical Flash Player Vulnerability (CVE-2018-15981)
November 21, 2018Adobe has released an out-of-band patch for a critical Flash Player vulnerability. Users are encouraged to upgrade as soon as possible. Background On November 20, Adobe released APSB18-44, an out-of...
Drupalgeddon Attacks Continue on Sites Missing Security Updates (CVE-2018-7600, CVE-2018-7602)
November 20, 2018Recent attacks targeting Drupal instances vulnerable to Drupalgeddon 2 and Drupalgeddon 3 highlight the importance of identifying and patching vulnerable sites. Background In March 2018, Drupal publ...
Popular WordPress ‘AMP for WP’ Plugin Vulnerable to Privilege Escalation Attacks
November 15, 2018The ‘AMP for WP – Accelerated Mobile Pages’ plugin for WordPress is vulnerable to a privilege escalation attack. Updating the plugin to version ‘0.9.97.20’ fixes the flaw. Updated November 19: T...
Adobe Patches Incomplete Fix for NTLM Credential Leaking Bug (CVE-2018-15979)
November 14, 2018Researchers have reported an incomplete fix for CVE-2018-4993, an NTLM credential leaking vulnerability that was supposed to be patched in May 2018. Adobe has now released a complete fix. Background ...
New WordPress Privilege Escalation Flaw In WP GDPR Compliance Plugin
November 12, 2018A privilege escalation flaw in WordPress’ popular WP GDPR Compliance plugin has led to exploitation of numerous WordPress sites. Site owners and administrators are encouraged to upgrade to the latest ...
VMware Issues Security Advisory for Guest-to-Host Escape Vulnerability (CVE-2018-6981)
November 12, 2018VMware issued an advisory about two uninitialized stack memory usage bugs and has released patches and updates for some versions of the affected software. Background On November 9, VMware published ...
APT Malware Activity Detected Exploiting a Patched ColdFusion Vulnerability (CVE-2018-15961)
November 8, 2018Researchers at Volexity have identified multiple groups exploiting CVE-2018-15961 in unpatched, web-facing Adobe ColdFusion servers. Users are urged to upgrade to the latest version of ColdFusion. Ba...
Apache Struts Patches Remote Code Execution Vulnerability in FileUpload Library (CVE-2016-1000031)
November 5, 2018Apache Software Foundation announces a security update for Apache Struts to address a vulnerability in the Commons FileUpload library that could lead to remote code execution. We recommend updating no...
Cisco ASA and Firepower Being Exploited in the Wild - Apply Mitigations ASAP
November 1, 2018Cisco advised that the Adaptive Security Appliance (ASA) and Firepower systems are being exploited in the wild with a Session Initiation Protocol (SIP) vulnerability. Limited patches are available. B...
Buffer Overflow Vulnerability in Apple iOS and macOS Devices Disclosed
October 31, 2018A researcher has disclosed a buffer overflow vulnerability in Apple’s XNU operating system kernel that allows attackers on a local network to reboot Apple’s iOS and macOS devices and could potentially...