LastPass, the world most popular password vault, has issued a fix to an information disclosure flaw discovered by Google’s Project Zero. Google’s Project Zero security research team discovered a flaw in the LastPass plugins for the Chrome and Opera browsers. By exploiting the flaw, an attacker could obtain a copy of the last credentials theRead more
Blog
The September Patch Tuesday release from Microsoft included 18 critical fixes and 79 in total. The fixes include several Remote Code Execution vulnerabilities: RDP client-side remote code execution vulnerabilities Four remote code execution vulnerabilities were fixed in the Remote Desktop Services client. If a user can be tricked into connecting to a malicious RDP serverRead more
Exim, which powers 60% of the Internet’s email servers, is vulnerable to a remote code execution (CVE-2019-15846) in all versions prior to 4.92.2 which has just been released to patch the problem. TLS connections must be enabled in order to exploit the vulnerability. The flaw exists in the way Exim handles SNI (Server Name Indication)Read more
