Critical TLS flaw opens Exim servers to remote compromise
A ‘critical’ security vulnerability has been discovered in the Exim mail server that requires admins’ urgent attention. Learn more about the flaw and how to protect your servers:
A ‘critical’ security vulnerability has been discovered in the Exim mail server that requires admins’ urgent attention. Learn more about the flaw and how to protect your servers:
Are you an Exim user? Have you heard that Exim has been impacted by its second major bug this summer? Learn more:
A security flaw in Google Chrome allows an attacker to eventually take control a vulnerable host, and Google recommends users to deploy a patch as soon as possible. All versions of the browser are affected, including Google Chrome for Linux. Learn more:
Are you a Google Chrome user? If so, have you heard about the system-controlling Chrome bug in Blink? Get the details:
Have you heard that the Red Hat Enterprise Linux 6 and CentOS 6 GNU/Linux operating systems have received an important Linux kernel security update that addresses several critical vulnerabilities and fixes various bugs? Learn more about this update:
Neglecting basic security practices exposes companies to long-standing security threats. Learn what you can do to mitigate the risk that security vulnerabilities pose to your business:
Are you an Apache Struts user who follows security advisories? If so, they may be giving you a false sense of security.
Have you heard that Netflix hasidentifiedseveral denial of service (DoS) flaws in numerous implementations of HTTP/2, a popular network protocol that underpins large parts of the web? Exploiting them could make servers grind to a halt. These vulnerabilities affect various Linux distributions and open-source vendors and projects. Learn the details in this article:
All major BIOS vendors, along with the likes of AMD, Nvidia, Intel, Huawei, and many others, are offering drivers that have serious security issues. A new report, called Screwed Drivers, from Eclypsium, revealed the worrying extent of the problem.
The feature that a researcher discovered could be used to execute malicious code had no actual use case.
If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while.
The SWAPGS vulnerability can allow attackers to access contents of kernel memory addresses. Microsoft and Intel have coordinated on a mitigation.
Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies.
Security researchers have uncovered a security flaw in a popular home security camera which permits remote spying without any form of authentication.
Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system (RTOS) that powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and medical equipment. Many of the flaws allow attackers to take over devices remotely by just sending network packets, which make them particularly dangerous.
There has been a lot of confusion over the last few days after news spread of a supposedvulnerability in the media player VLC. Despite being labelled as "critical", VLC's developers, VideoLAN, denied there was a problem at all.
Have you heard about the BlueKeep vulnerability that has been discovered in Windows RDP servers? Cybersecurity researchers have identified a new variant ofWatchBog, a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to theBluekeep flaw.BlueKeep is a highly-critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Services that could allow an unauthenticated remote attacker to take full control over vulnerable systems just by sending specially crafted requests over RDP protocol.Though thepatches for the BlueKeepvulnerability (CVE–2019-0708) was already released by Microsoft in May this year, more than800,000 Windows machinesaccessible over the Internet are still vulnerable to the critical flaw.
Have you heard that a serious vulnerability has been discovered in the latest release of the VLC media player and no patch is available? Non-profit VideoLAN's VLC player is popular software used to both play and convert a variety of audio and visual files. Available for Windows, Linux, Mac OS X, Unix, iOS, and Android systems, the open-source media player has now become the focus of a recent security advisory released by the German Computer Emergency Response Team (CERT-Bund). In the advisory, CERT-Bund warns that VLC media player version 3.0.7.1, the latest build available, contains a vulnerability which has been awarded a CVSS score of 9.8 out of 10.
Attention ethical hackers: Google has just announced that it decided to increase the bounties offered for Google Chrome browser security vulnerabilities, with the maximum payment now reaching $30,000!