Image Source: mspoweruser.comMicrosoft fixed two critical remote code execution vulnerabilities, reported in ‘Microsoft Malware Protection Engine‘. Microsoft Malware Protection Engine scans files in real-time.  These capabilities like scanning, detection, and cleaning are available in products like Windows Defender, Malware scanner, Microsoft Security Essentials, Microsoft Forefront Endpoint Protection, Microsoft Forefront Security for SharePoint Service, Windows Intune Endpoint […]

Read More →

Image Source: thestack.com Intel identified eight security vulnerabilities and released security advisory last week, affecting Intel core CPU technologies Intel Management Engine (ME), Server Platform Service (SPS) and Trusted Execution Engine (TXE). These vulnerabilities allow an unauthorized process to access privileged content, attackers with local or remote admin access to the system to execute arbitrary […]

Read More →

  Source: thehackernews.com Return of Coppersmith’s Attack, or ROCA for short is a cryptographic weakness in generation of RSA keys, that allows the private key of a key pair to be recovered from the public key. RSA is a public key cryptosystem widely used for secure data transmission. The vulnerability tracked as CVE-2017-15361, affects RSA key […]

Read More →

Microsoft October 2017 Patch Tuesday addresses 62 security vulnerabilities in eight of it’s main product categories. Amoung these 28 CVE’s are rated as Critical, 34 are rated as Important. Microsoft addressed three publicly disclosed issues in the October 2017 Patch Tuesday update, one of them is actively exploited in the wild. The bug which is […]

Read More →

Apache Wicket  is an open source, server side, Java web application framework and used by quite a few big sites. It is discovered that the ‘encrypted url feature‘, which is expected to protect from CSRF (Cross-Site Request Forgery) attack, but it fails to provide enough protection against CSRF attack in Apache Wicket. Encrypted URLs and stateful […]

Read More →

Foxit reader is prone to two remote code execution zero day vulnerabilities, which are found by Steven Seeley (mr_me) and Ariele Caltabiano (kimiya). Both vulnerabilities are due to the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations and also launching of any executable files. User interaction is […]

Read More →