Mozilla has released three security advisories to address the vulnerabilities present in Firefox, Firefox ESR, and Thunderbird. A zero-day vulnerability (CVE-2020-15999) has also been addressed in the latest version of Firefox. Firefox version 83 also introduces a new “HTTPS-only mode“, if enabled all the URL’s in the form of “http://” will be converted into respective […]

Read More →

Google has released a security advisory for its Chrome users on Windows, Mac, and Linux, addressing two very critical Zero-Day exploits being exploited in the wild. These Vulnerabilities can be tracked as CVE-2020-16013 and CVE-2020-16017. Endpoints that have not been patched are advised to deploy the patches ASAP. The flaws were reported by “anonymous” sources to […]

Read More →

Microsoft has rolled out November Patch Tuesday security updates for 112 vulnerabilities in its product line including Windows operating system, Edge browser, and developer tools. Out of these one vulnerability is identified as a zero-day, 17 are classified as critical and 93 are classified as important. The vulnerabilities are in the categories of elevation of privilege, […]

Read More →

Oracle has addressed a critical Remote Code Execution (RCE) vulnerability in the rare out-of-band patch in numerous versions of Oracle WebLogic Server. The vulnerability is assigned CVE-2020-14750 which has a CVSS base score of 9.8 out of 10 and it is remotely exploitable without any authentication or user interaction.  According to Eric Maurice, director of security […]

Read More →

A new zero-day vulnerability in Oracle Solaris has been brought to light by the FireEye security research team, Mandiant. The vulnerability has been reported as being actively exploited. The sophisticated threat actor, known as UNC1945, has been known to be using the zero-day bug to break into corporate networks. The vulnerability, tracked as CVE-2020-14871, affects […]

Read More →

Google Project Zero has disclosed details for a zero-day vulnerability CVE-2020-17087 found in the Windows operating system that is being currently exploited in the wild. Earlier Google had released a patch addressing a zero-day vulnerability (CVE-2020-15999) found in Chrome web browsers. The vulnerability allowed a remote attacker to exploit heap corruption by crafting a HTML […]

Read More →

Critical Remote Code Execution (RCE) vulnerability CVE-2020-14882 in the console component of the WebLogic Server allows unauthenticated, remote attackers to execute commands on the affected servers. Oracle has assigned its CVSSv3 score of 9.8 out of 10 which clearly shows this vulnerability’s criticality and should be patched ASAP. Johannes B. Ullrich, dean of research at […]

Read More →

We all know the popularity and intensively large audience of the Google Chrome browser which can be used on Windows, Mac, or Linux computers and Android devices. To the ones who are currently using the same and have not yet deployed the patch, it’s time to update their Chrome browsers to the latest version 86.0.4240.111 […]

Read More →

Oracle has released 402 new security patches as a part of the quarterly update cycle. 270 vulnerabilities are remotely exploitable without user credentials. Oracle MySQL received 53 security patches. 4 of these vulnerabilities allow an attacker to exploit the underlying flaws over the network without any form of authentication. CVE-2020-8174 is considered to be the most critical of […]

Read More →

Microsoft has released October Patch Tuesday security updates, addressing a total of 87 vulnerabilities in the family of Windows operating systems and related products. In which, 11 are classified as Critical that can be used by the attackers to get complete control over an unpatched victim system. All of the critical bugs are remote code […]

Read More →