Researchers have discovered another interesting vulnerability in the line of speculative execution attacks in Intel processors. This vulnerability has been named Load Value Injection (LVI), and is tracked as CVE-2020-0551. LVI is a new class of side-channel attacks that abuses microarchitectural flaws in processors to steal data. Modern processors resistant to Meltdown, Foreshadow, ZombieLoad, RIDL […]
Read More →Researchers have uncovered a serious vulnerability (CVE-2019-0090) in Intel’s CSME, which is unfixable and allows compromise of the hardware too. Intel CSME is known as the ‘root of trust‘. The vulnerability specifically lies in the ROM of the Intel Converged Security and Management Engine (CSME) and weakens the security foundation of Intel processors. Intel had […]
Read More →A critical 17-year-old remote code execution bug was discovered in pppd (Point to Point Protocol Daemon). PPPD is used to manage network connections between two nodes on Unix-like operating systems and is responsible for managing PPP session establishment and session termination. The vulnerability, tracked as CVE-2020-8597, is a flaw in the Extensible Authentication Protocol (EAP) […]
Read More →A critical vulnerability named Ghostcat was recently discovered in Apache Tomcat Servers. Apache Tomcat is a software used to deploy Java Servlets and JSPs. This vulnerability resides in Tomcat for more than a decade now. Ghostcat, tracked as CVE-2020-1938, was discovered in Tomcat AJP protocol by researchers at Chaitin Tech. Tomcat AJP is configured with […]
Read More →Cisco has released updates for a set of vulnerabilities. These vulnerabilities include six high severity and six medium severity vulnerabilities. The main highlight for this set of Cisco updates is the patching of a recently discovered vulnerability in Wi-Fi Access points and routers, widely known as Kr00k. Getting rid of the Kr00k Kr00k (CVE-2019-15126) is […]
Read More →Microsoft rightly predicted that systems vulnerable to CVE-2020-0688, could be an attractive target for attackers and that this vulnerability could soon be included in upcoming attacks. Standing true to that, attackers have now started scanning the Internet for Microsoft Exchange Servers vulnerable to a Remote Code Execution flaw(CVE-2020-0688). This vulnerability received a patch during the […]
Read More →