Researchers have discovered a critical remote code execution bug in the OpenSMTPD email server. This flaw in OpenSMTPD, OpenBSD's mail server, is known to have been exploitable since May 2018. The vulnerability, tracked as CVE-2020-7247, is exploitable both locally and remotely. OpenSMTPD is a Unix daemon which implements the Simple Mail Transfer Protocol to deliver messages on […]

Apple released security updates for multiple products today. A total of 46 vulnerabilities were addressed. Exploitation of some of these security flaws could allow an attacker to take control of an affected system. The update for macOS includes fixes for 33 vulnerabilities which could allow an attacker to execute arbitrary code with kernel privileges, cause […]

The news of numerous exploits on Citrix ADC (formerly NetScaler ADC) has been hitting the headlines lately. A total of 550,000 compromise attempts were recorded as per the latest available statistics. Thousands of systems were sitting ducks while Citrix delayed the final release of necessary updates for the vulnerable devices. Citrix ADC is an application delivery and […]

Cisco released a set of security updates which include one critical, seven high severity and nineteen medium security advisories. At least seven vulnerabilities lead to a denial of service condition on the affected system and the most severe vulnerability could allow a remote unauthenticated attacker to gain administrative access on the affected device. Cisco has released […]

Microsoft has released an emergency advisory for an unpatched zero-day vulnerability in Internet Explorer. Microsoft is also aware of limited targeted attacks in the wild. This vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group. The fix for this zero-day would be released as a part of the next Patch Tuesday updates. And […]

The release of Microsoft Patch Tuesday updates for January 2020 brought to light a critical vulnerability in Microsoft Windows CryptoAPI. Reported by the National Security Agency, the national-level intelligence agency of the USA, CVE-2020-0601 is a spoofing vulnerability in Windows systems, the exploitation of which could have widespread consequences. Microsoft explains that this spoofing vulnerability in […]

Microsoft has released January Patch Tuesday security updates today, fixing 49 common vulnerabilities and exposures (CVEs) in the family of Windows operating systems and related products which includes Windows, Office, Office Services and Web Apps, Internet Explorer, .NET Core, ASP.NET, .NET Framework, OneDrive for Android, and Microsoft Dynamics. Out of these, 8 are classified as […]

Cisco has rolled out security patches for fourteen different products. Advisories released for Cisco Webex Video Mesh and Cisco IOS and Cisco IOS XE Software are considered important. The most severe of these vulnerabilities could allow an attacker to remotely execute commands and take control of an affected system. Cisco has released security updates for […]

Mozilla released two consecutive security advisories to address the vulnerabilities in Firefox and Firefox ESR. The latter is a critical advisory claiming that Mozilla is aware of in-the-wild attacks for a type confusion vulnerability. However, there are no details about the specific threat actor(s) abusing the aforementioned vulnerability. Mozilla’s release of Firefox version 72 includes […]

Cisco released security updates for Cisco Data Center Network Manager (DCNM), a platform for managing Cisco’s data center deployments, switches and fabric extenders that run NX-OS. A total of 12 vulnerabilities in DCNM were addressed in 6 advisories, one of which has been rated critical, three rated high and two rated medium in severity. Summary […]
