A new zero-day vulnerability in Oracle Solaris has been brought to light by the FireEye security research team, Mandiant. The vulnerability has been reported as being actively exploited. The sophisticated threat actor, known as UNC1945, has been known to be using the zero-day bug to break into corporate networks. The vulnerability, tracked as CVE-2020-14871, affects […]
Read More →
On October 20, 2020, the National Security Agency (NSA), a national-level intelligence agency of the United States Department of Defense, released a cybersecurity advisory highlighting 25 vulnerabilities in commonly-used software that are currently under active exploitation. They released the advisory following a series of attacks targeted in the USA. Here’s what happened In September, analysts […]
Read More →
Google Project Zero has disclosed details for a zero-day vulnerability CVE-2020-17087 found in the Windows operating system that is being currently exploited in the wild. Earlier Google had released a patch addressing a zero-day vulnerability (CVE-2020-15999) found in Chrome web browsers. The vulnerability allowed a remote attacker to exploit heap corruption by crafting a HTML […]
Read More →
Cyber-attacks are busting in from all directions. The biggest and most widespread attack was in 2017, called Wannacry. More than 230,000 computers were affected by the ransomware amounting to more than $4 billion in losses. This attack was due to an old SMB protocol enabled in Windows devices. Microsoft had released a patch 2 months […]
Read More →
This year has forced us into a lot of new challenges in the digital world. During the first half of 2020, Microsoft has seen a 150% increase in vulnerabilities than the entirety of 2019. Security breaches and ransomware attacks are being reported at an alarming rate this year. Cybercriminals now have the icing on the […]
Read More →
Critical Remote Code Execution (RCE) vulnerability CVE-2020-14882 in the console component of the WebLogic Server allows unauthenticated, remote attackers to execute commands on the affected servers. Oracle has assigned its CVSSv3 score of 9.8 out of 10 which clearly shows this vulnerability’s criticality and should be patched ASAP. Johannes B. Ullrich, dean of research at […]
Read More →
Vulnerability management has been a standard practice for more than 15 years now. Scanning, assessment, and remediation have occupied an important spot in an organization’s endpoint security practices. However, many old beliefs and approaches that were once working fine have turned out ineffective and outright wrong. Unknowingly sticking to outdated practices may give you a […]
Read More →
We all know the popularity and intensively large audience of the Google Chrome browser which can be used on Windows, Mac, or Linux computers and Android devices. To the ones who are currently using the same and have not yet deployed the patch, it’s time to update their Chrome browsers to the latest version 86.0.4240.111 […]
Read More →
Business demands are driving a surge of enterprise endpoints. The average IT asset inventory is constantly growing with remote and heterogeneous devices used by multiple employees. While businesses take longer strides and step into bigger opportunities, it is essential to secure all the endpoints that keep the business running. According to a study, 30 percent […]
Read More →
Oracle has released 402 new security patches as a part of the quarterly update cycle. 270 vulnerabilities are remotely exploitable without user credentials. Oracle MySQL received 53 security patches. 4 of these vulnerabilities allow an attacker to exploit the underlying flaws over the network without any form of authentication. CVE-2020-8174 is considered to be the most critical of […]
Read More →