Microsoft continues to roll out changes to mitigate the Zerologon vulnerability and a change due in the February Patch Tuesday could break non-Windows device’s ability to connect to the domain. The Zerologon vulnerability is a flaw in the Microsoft NetLogon protocol. Tracked as CVE-2020-1472 the vulnerability allows an unauthenticated user to change passwords on the […]
NetLogon Security Changes coming in February Read More »
Microsoft starts the year with their first patch Tuesday bundle of security fixes targeting 10 Critical vulnerabilities include a zero-day being exploited in Windows Defender. The Windows Defender vulnerability (CVE-2021-1647) is reported by Microsoft as having been detected under active exploitation in the wild – but precious little context information is provided under the firm’s
Microsoft Patches Critical Bugs Read More »
According to a new report, 68% of organisations that suffered a network breach are the victim of a repeat attack within a year. Cyber-criminals assume that organisation will not learn a lesson from the first attack and return in the hope of easy pickings the second time around. The report from cybersecurity response firm Crowdstrike
Two thirds of cyber-crimes repeated within 12 months Read More »
A vulnerability in the Drupal web content management system can be exploited to allow arbitrary code execution, affecting almost a million websites. A security advisory from Drupal describes how this critical vulnerability can be exploited to perform arbitrary execution of PHP code. Security patches are available for Drupal versions 7, 8 and 9. The problem
Drupal vulnerability affects a million sites Read More »
Oracle patched a vulnerability in their WebLogic server in October 2020 – eight days later working exploit code was published online and now it is being used by criminals. CVE-2020-14882 allows an attacker to perform a Remote Code Execution attack with minimal effort or skill required. Juniper Networks security researchers reports at least five different
Hackers target Oracle WebLogic vulnerability Read More »
The November security patch bundle from Microsoft fixes 112 security vulnerabilities in their products, including 12 Remote Code Execution vulnerabilities. Noteworthy vulnerabilities fixed this month include: Windows Kernel Local Elevation of Privilege: CVE-2020-17087 Observed under active attack in the wild by Google, CVE-2020-17087 is an elevation of privilege vulnerability that was being used in
November Patch Tuesday fixes 12 RCE vulnerabilities Read More »
Adobe has issued patches for critical vulnerabilities in their Acrobat and Acrobat Reader software widely used for creating and reading PDF documents. 12 fixes are included in the latest security updates, three are rated as Critical as they can be exploited to achieve arbitrary code execution. In other words, this means simply opening a specially
Adobe issues Acrobat security patches Read More »
The NSA (National Security Agency) recently published a security advisory about the publicly known vulnerabilities currently being exploited by Chinese state-sponsored actors. While this security advisory is focused on the activities of state-sponsored actors, it does show the threats and vulnerabilities considered most useful for exploitation. Taking a quick look at the list could provide
The Top 10 vulnerabilities being exploited today Read More »
Last week an SQL injection vulnerability was discovered in the popular Loginizer plugin used by over a million WordPress sites. Such was the risk, WordPress took the unusual step of forcing updates into sites that use the plug-in – even those with auto-update turned off. The flaw in Loginizer can be exploited by an attacker
WordPress force updates a million sites to fix SQLi flaw Read More »
Google has issued an urgent update for Chrome which patches a zero-day vulnerability under active exploitation. The Chrome team took just one day from report of the vulnerability to issuing the patch, such is the danger posed by this flaw. The patch is included in Chrome version v86.0.4240.111 (CVE-2020-15999) – any older versions should be
Google Patches Chrome Zero-Day Vulnerability Read More »