Coronavirus, COVID-19 or SARS-CoV-2 has turned the lives of people across the globe into a nightmare. Attackers have utilized the pandemic as an opportunity to spread malware and ransomware by preying on the mindset of people in these times of crisis. Organizations opting for remote working setups has also carved out an additional opportunity for […]

Mozilla fixed two critical zero-days in its popular web browser, Firefox. Mozilla is aware of active exploitation of these vulnerabilities. There is no specific information about the threat groups or malware utilizing these vulnerabilities. Firefox Zero-Days As per the advisory, CVE-2020-6819 is a use-after-free vulnerability when running the nsDocShell destructor due to a race […]

Microsoft and its updates are of utmost interest for the security community during the second Tuesday of every month, the Patch Tuesday. However, Microsoft has filled the headlines of the fourth Tuesday too with important information about two critical unpatched zero-days in Microsoft Windows operating systems. A critical advisory has been released by Microsoft, urging […]

Recent attacks involved the exploitation of security holes in Trend Micro’s enterprise security products. Trend Micro issued a critical security advisory stating that it has observed active attempts of potential attacks against its products. In-the-wild zer0-day exploits CVE-2020-8467 is a critical remote code execution vulnerability in the migration tool component of Trend Micro Apex One […]

Adobe released a security update for the widely used Acrobat and Reader. This update includes a total of 13 CVEs, 9 of which are known to be critical security fixes for arbitrary code execution vulnerabilities. The exploitation of other vulnerabilities could lead to the disclosure of sensitive information and grant elevated privileges to an attacker. […]

Microsoft disclosed details of a critical wormable flaw in SMBv3. This flaw can be used by attackers to deliver wormable malware to targets, which could spread across the network and infect other machines in no time. Server Message Block (SMB) is an important network protocol that is used for sharing access to files, printers, serial […]

Researchers have discovered another interesting vulnerability in the line of speculative execution attacks in Intel processors. This vulnerability has been named Load Value Injection (LVI), and is tracked as CVE-2020-0551. LVI is a new class of side-channel attacks that abuses microarchitectural flaws in processors to steal data. Modern processors resistant to Meltdown, Foreshadow, ZombieLoad, RIDL […]

Researchers have uncovered a serious vulnerability (CVE-2019-0090) in Intel’s CSME, which is unfixable and allows compromise of the hardware too. Intel CSME is known as the ‘root of trust’. The vulnerability specifically lies in the ROM of the Intel Converged Security and Management Engine (CSME) and weakens the security foundation of Intel processors. Intel had […]

A critical 17-year-old remote code execution bug was discovered in pppd (Point to Point Protocol Daemon). PPPD is used to manage network connections between two nodes on Unix-like operating systems and is responsible for managing PPP session establishment and session termination. The vulnerability, tracked as CVE-2020-8597, is a flaw in the Extensible Authentication Protocol (EAP) […]

A critical vulnerability named Ghostcat was recently discovered in Apache Tomcat servers. Apache Tomcat is software used to deploy Java Servlets and JSPs. This vulnerability has resided in Tomcat for more than a decade. Ghostcat, tracked as CVE-2020-1938, was discovered in the Tomcat AJP protocol by researchers at Chaitin Tech. Tomcat AJP is configured with […]