Philips cardiovascular software found to contain privilege escalation, code execution bugs
Multiple versions of cardiovascular imaging and information management software from Philips have been found to contain vulnerabilities that could lead to escalated privileges and arbitrary code execution. The first vulnerability, CVE-2018-14787, is a high-severity flaw (CVSS score of 7.3) found in versions 2.x or prior of Philips’ IntelliSpace…
Hacker Discloses Unpatched Windows Zero-Day Vulnerability (With PoC)
A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in Microsoft’s Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine. And guess what? The zero-day flaw has been confirmed…
Microsoft Flaw Allows Full Multi-Factor Authentication Bypass
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building. A vulnerability in Microsoft’s Active Directory Federation Services (ADFS) has been uncovered that would allow malicious actors to bypass…
Expert discovered a Critical Remote Code Execution flaw in Apache Struts (CVE-2018-11776)
Maintainers of the Apache Struts 2 open source development framework have released security updates to address a critical remote code execution vulnerability. Security updates released this week for the Apache Struts 2 open source development framework addressed a critical RCE tracked as CVE-2018-11776. The vulnerability affects Struts…
No Patch Available Yet for New Major Vulnerability in Ghostscript Interpreter
Tavis Ormandy, a Google Project Zero security researcher, has revealed details about a new major vulnerability discovered in Ghostscript, an interpreter for Adobe’s PostScript and PDF page description languages. Ghostscript is by far the most widely used solution of its kind. The Ghostscript interpreter is…
Dark Tequila Banking Malware Uncovered After 5 Years of Activity
Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013. Dubbed Dark Tequila, the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years…
Zero-Day In Microsoft’s VBScript Engine Used By Darkhotel APT
A vulnerability in the VBScript engine has been used by hackers working for North Korea to compromise systems targeted by the Darkhotel operation. VBScript is available in the latest versions of Windows and in Internet Explorer 11. In recent versions of Windows, though, Microsoft disabled execution…
JavaScript Web Apps and Servers Vulnerable to ReDoS Attacks
JavaScript web apps and web servers are susceptible to a specific type of vulnerability/attack known as regular expression (regex) denial of service (ReDoS). These vulnerabilities take place when an attacker sends large and complex pieces of text to the open input of a JavaScript-based web…
New PHP Code Execution Attack Puts WordPress Sites at Risk
Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in the PHP programming language using functions previously considered low-risk. The new technique leaves hundreds of thousands of web applications open to remote…
Necurs Botnet Pushing New Marap Malware
Security researchers from Proofpoint have discovered a new malware strain that they named Marap, which is currently distributed via massive waves of spam emails carrying malicious attachments (malspam). The malware is not a banking trojan, a remote access trojan (RAT), or ransomware, but a…