Microsoft released its monthly set of security updates today. 77 vulnerabilities were addressed in these updates with 15 vulnerabilities rated critical and 62 vulnerabilities rated important in severity. All the critical vulnerabilities lead to remote code execution. 51 vulnerabilities were addressed in Windows alone. Microsoft also fixed an elevation of privilege vulnerability (CVE-2019-1130) in Windows […]

Read More →

A critical vulnerability has been discovered recently in QEMU (Quick Emulator). Beware of the Command execution vulnerability that exists in QEMU, a hosted virtual machine monitor. It was recently discovered that the QEMU Guest agent’s command ‘guest_exec‘ has encountered a critical OS command injection vulnerability which allows any remote unauthenticated attacker to gain sensitive information, […]

Read More →

Privilege Escalation Vulnerabilities are a dime a dozen these days. But, what if an attacker could take control of an application which runs with the highest privileges? Then it’s an apocalypse! A flaw in an application running with administrator privileges has left millions of Dell PCs vulnerable. What is Dell SupportAssist? Dell SupportAssist is a […]

Read More →

A campaign targeting government organizations in Central Asia was discovered delivering a backdoor named HAWKBALL. This backdoor can collect information from the victim’s system and it can also deliver various payloads. It offers an attacker a range of malicious capabilities including examining the host, executing native Windows commands, terminating processes, creating, deleting files, uploading files, […]

Read More →

image credit: blogs.oracle.com Oracle has released an out-of-band security update to address a critical vulnerability in Oracle WebLogic Server. A deserialization flaw allows remote code execution and is tracked with CVE-2019-2729. This vulnerability is rated critical and is found to be exploited in-the-wild. The vulnerability exists due to a deserialization flaw in XMLDecoder in Oracle […]

Read More →