Microsoft and its updates are of utmost interest for the security community during the second Tuesday of every month, the Patch Tuesday. However, Microsoft has filled the headlines of the fourth Tuesday too with important information about two critical unpatched zero-days in Microsoft Windows operating systems. A critical advisory has been released by Microsoft, urging […]

Read More →

Recent attacks involved the exploitation of security holes in Trend Micro’s enterprise security products. Trend Micro issued a critical security advisory stating that it has observed active attempts of potential attacks against its products. In-the-wild zer0-day exploits CVE-2020-8467 is a critical remote code execution vulnerability in the migration tool component of Trend Micro Apex One […]

Read More →

Adobe released a security update for the widely used Acrobat and Reader. This update includes a total of 13 CVEs, 9 of which are known to be critical security fixes for arbitrary code execution vulnerabilities. The exploitation of other vulnerabilities could lead to the disclosure of sensitive information and grant elevated privileges to an attacker. […]

Read More →

  Microsoft disclosed details of a critical wormable flaw in SMBv3. This flaw can be used by attackers to deliver wormable malware to targets which could spread across the network and infect other machines within no time. Server Message Block(SMB) is an important network protocol that is used for sharing access to files, printers, serial […]

Read More →

Researchers have discovered another interesting vulnerability in the line of speculative execution attacks in Intel processors. This vulnerability has been named Load Value Injection (LVI), and is tracked as CVE-2020-0551. LVI is a new class of side-channel attacks that abuses microarchitectural flaws in processors to steal data. Modern processors resistant to Meltdown, Foreshadow, ZombieLoad, RIDL […]

Read More →

Researchers have uncovered a serious vulnerability (CVE-2019-0090) in Intel’s CSME, which is unfixable and allows compromise of the hardware too. Intel CSME is known as the ‘root of trust‘. The vulnerability specifically lies in the ROM of the Intel Converged Security and Management Engine (CSME) and weakens the security foundation of Intel processors. Intel had […]

Read More →