Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams
A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially crafted chat message and compromise a target's system. The issues were reported to the Windows maker by Oskars Vegeris, a security engineer from Evolution Gaming, on August 31, 2020, before they were addressed at …
RCE
17-Year-Old Critical ‘Wormable’ RCE Vulnerability Impacts Windows DNS Servers
Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability, carrying a severity score of 10 out of 10 on the CVSS scale, affecting Windows Server versions 2003 to 2019. The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed 'SigRed' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over …
Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote …
Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
Updated on April 14. Microsoft has issued a warning about two new vulnerabilities in the Adobe Type Manager Library. Moreover, according to their information, some attackers are already exploiting them in targeted attacks. On April 14, Microsoft released security updates that address these vulnerabilities. What is Adobe Type Manager Library and how is it vulnerable? There were …
Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig
If you're using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could …
7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
A 7-year-old critical remote code execution vulnerability has been discovered in the iTerm2 macOS terminal emulator app, one of the most popular open source replacements for Mac's built-in terminal app. Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by …
[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly
An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin, a widely used internet forum software package, The Hacker News has learned. One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also …
Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu
The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing applications that, under the hood, are just rebranded versions of the Zoom video conferencing software. Security researchers confirmed to The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also run a hidden …
Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw
The chaos and panic created earlier this week by the disclosure of a privacy vulnerability in the highly popular and widely used Zoom video conferencing software is not over yet. As suspected, it turns out that the core issue, a web server installed locally by the software, was not just allowing any website to turn on your device webcam, but also could allow hackers to take …
Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware
Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday threats like crypto-mining, phishing, and ransomware. As suspected, a recently disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to …