Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now
The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP) system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and employs an "unsafe deserialization" as an …
Google Chrome update patches CVE-2021-21193 vulnerability
Google Chrome urgently requires an update to patch a severe vulnerability. You may be tired of updating Chrome (the latest urgent update was just last month), but it’s that time again, and with good reason: cybercriminals have already exploited this vulnerability. What is CVE-2021-21193? On March 12, Google released stable build 89.0.4389.90 for Chrome, patching five …
Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams
A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system. The issues were reported to the Windows maker by Oskars Vegeris, a security engineer from Evolution Gaming, on August 31, 2020, before they were addressed at …
Critical Jenkins Server Vulnerability Could Leak Sensitive Information
Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of 9.4 and impacts Eclipse Jetty versions 9.4.27.v20200227 to 9.4.29.v20200521—a …
Getting more value from your endpoint security tool #5: Querying Tips for Vulnerability & Compliance
Thank you for tuning in to the fifth and final installment of this blog series. As I stated in my previous blog posts on Orbital advanced search, my father was an automobile mechanic. More specifically, he was a “brakes and front-end mechanic”. On several occasions, Pops would point out the wear on a set of tires and would tell me that either the car was out of alignment, …
17-Year-Old Critical ‘Wormable’ RCE Vulnerability Impacts Windows DNS Servers
Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019. The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed 'SigRed' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over …
Chrome zero-day vulnerability | Kaspersky official blog
Thanks to the Kaspersky Exploit Prevention subsystem in our products, we recently detected an exploit — a malicious program letting attackers gain unauthorized access to the computer — through a vulnerability in the Google Chrome browser. It used a zero-day vulnerability, that is, one that was as yet unknown to the developers. It was assigned the identifier CVE-2019-13720. We …
Insights Regarding the Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
This blog post was authored by Eugenio Iavarone, Cisco PSIRT. On August 28th, 2019, Cisco published a Security Advisory titled “Cisco REST API Container for Cisco IOS XE Software Authentication Bypass Vulnerability”, disclosing an internally found vulnerability which affects the Cisco REST API container for Cisco IOS XE. An exploit could be used to bypass authentication on …
New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between two devices. The vulnerability, assigned as CVE-2019-9506, resides in the way the 'encryption key negotiation protocol' lets two Bluetooth …
Account Takeover Vulnerability Found in Popular EA Games Origin Platform
A popular gaming platform used by hundreds of millions of people worldwide has been found vulnerable to multiple security flaws that could have allowed remote hackers to take over players' accounts and steal sensitive data. The vulnerabilities in question reside in the "Origin" digital distribution platform developed by Electronic Arts (EA)—the world's second-largest gaming …