iTerm2 is one of the most popular macOS terminal emulator and is a default choice for developers and administrators due to its extensive features like windows transparency, full-screen mode, notifications, integration with tmux etc. A critical remote code execution vulnerability has been discovered in iTerm2 by Radically Open Security, as part of an independent security […]

Read More →

A critical remote code execution (RCE) vulnerability affecting one of the widely used internet forum software vBulletin has been publicly disclosed. The vulnerability is identified with CVE-2019-16759 and allows an attacker to execute any command on the website like uploading malware, uploading shells or tampering with the website’s code. This vulnerability is believed to be […]

Read More →

Squid is an open-source web caching and Internet proxy application which is widely used for speeding up the webserver and aiding in its security. A heap buffer overflow vulnerability has been discovered in some versions of the Squid web proxy cache servers. This vulnerability is tracked as CVE-2019-12527 and could be exploited by attackers to […]

Read More →

ProFTPd is an open-source, cross-platform FTP server and is one among the most popular FTP servers used in Unix-like environments. It comes pre-installed with many Linux and Unix distributions and is used by a number of popular businesses and websites including SourceForge, Samba and Slackware. An improper access control vulnerability has been discovered in ProFTPD, […]

Read More →

A campaign targeting government organizations in Central Asia was discovered delivering a backdoor named HAWKBALL. This backdoor can collect information from the victim’s system and it can also deliver various payloads. It offers an attacker a range of malicious capabilities including examining the host, executing native Windows commands, terminating processes, creating, deleting files, uploading files, […]

Read More →

image credit: blogs.oracle.com Oracle has released an out-of-band security update to address a critical vulnerability in Oracle WebLogic Server. A deserialization flaw allows remote code execution and is tracked with CVE-2019-2729. This vulnerability is rated critical and is found to be exploited in-the-wild. The vulnerability exists due to a deserialization flaw in XMLDecoder in Oracle […]

Read More →