Security Research and Intelligence

Sep30 0

AgeLocker Ransomware targeting QNAP network-attached storage (NAS) devices have been used by attackers to encrypt user data and demand a ransom. It has been found after research that no unpatched vulnerability was found to be exploited in the use of AgeLocker ransomware attack, whereas all the known affected QNAP NAS Devices are running older unpatched […]

Sep09 0

Microsoft has released September Patch Tuesday security updates with a total release of 129 vulnerabilities, In which 23 are classified as Critical with Remote Code Execution(RCE) 105 are classified as important and 1 is classified as moderate that reside in the Microsoft Windows, Microsoft Exchange Server, Internet Explorer (IE), Microsoft Edge (EdgeHTML-based and Chromium-based in […]

Sep03 0

File Manager is a popular WordPress plugin that is used to manage files on WordPress sites. It allows a WordPress administrator to edit, delete, upload, download, archive, copy and paste files and folders directly from the WordPress backend. A critical remote code execution vulnerability has been identified in the WordPress File Manager plugin which allows […]

Sep01 0

A high severity zero-day vulnerability has been found in Cisco IOS XR – An Internetwork Operating System (IOS) that is shipped with Cisco’s networking equipment. The vulnerability allows an unauthenticated, remote attacker to exhaust process memory and crash the other processes running on the affected device. Vulnerability Details(CVE-2020-3566 ): Cisco has released a security advisory […]

Aug26 0

A high-severity ‘use-after-free’ vulnerability tracked as CVE-2020-6492 with a CVSSv3 base score of 8.3 exists in WebGL [Web Graphics Library] component of the Google Chrome web browser that could be used to execute arbitrary code in the context of the browser process. WebGL (Web Graphics Library) is a JavaScript API for rendering high-performance interactive 3D […]

Aug19 0

Jenkins, an open-source automation server software released an advisory pertaining to a critical vulnerability present in its application. Jenkins enables developers to build, test, and deploy applications. This vulnerability tracked as CVE-2019-17638 when exploited can result in memory corruption and can disclose sensitive information. It allows any unauthenticated attacker to obtain sensitive information via response […]

Aug12 0

Microsoft has released August Patch Tuesday security updates, addressing a total number of 120 vulnerabilities, including two Zero-days in the family of Windows operating systems and related products. Out of these, 17 are classified as Critical and 103 as Important which includes Microsoft Windows, Edge EdgeHTML-based, Chromium-based, ChakraCore, Internet Explorer, Microsoft Office, and Microsoft Office Services […]

Aug07 0

A high-risk vulnerability was found in TeamViewer for Windows. It is tracked as “CVE-2020-13699“, with a CVSS base score of “8.8” that could be exploited by remote attackers to crack users’ password and thereupon, lead to the further system exploitation. TeamViewer is a software application for remote control, desktop sharing, online meetings, web conferencing and […]

Jul31 0

A team of cybersecurity researchers found multiple vulnerabilities that affect billions of devices that run on either Windows or Linux. Affected devices include laptops, servers, workstations, or even IoT devices. GRUB2 boot loader, which is not only used by Linux but other Operating Systems where Secure Boot trusts the 3rd-party UEFI CA, is affected […]

Jul28 2

Cisco has released a Security Advisory for the actively exploited worldwide CVE-2020-3452. Cisco Read-Only Path Traversal Vulnerability in the web services interface of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to perform directory traversal attacks & read sensitive files on the system. Rapid 7 Researchers found […]