VMware patch bulletin warns: “This needs your immediate attention.”
“It is a matter of time before working exploits are available,” warns VMware.
Want to know more about this topic or about us? Contact us!
“It is a matter of time before working exploits are available,” warns VMware.
Got Linux? Here’s a bug you weren’t expecting, in software you might not know you have.
by Paul Ducklin Here’s another BWAIN, which is our shorthand for Bug With An Impressive Name. That’s the abbreviation we use for bugs that end up with names, logos and even dedicated websites that are catchy, cool, fancy, important or dramatic, and sometimes even all of these at the same . . . Read more
by Paul Ducklin As you know, our usual advice for Patch Tuesday boils down to four words, “Patch early, patch often.” There were 56 newly-reported vulnerabilities fixed in this month’s patches from Microsoft, with four of them offering attackers the chance of finding remote code execution (RCE) exploits. Remote code . . . Read more
by Paul Ducklin Bug hunter Tavis Ormandy of Google’s Project Zero just discovered a dangerous bug in the GNU Privacy Guard team’s libgcrypt encryption software. The libgcrypt library is an open-source toolkit that anyone can use, but it’s probably best known as the encryption library used by the GNU Privacy . . . Read more
by Paul Ducklin Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. There’s no equivalent of Microsoft’s Patch Tuesday, which is a regular and predictable fixture in anyone’s cybersecurity calendar; there’s no “new version every fourth Tuesday” as there is with Firefox; there’s . . . Read more
Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.
The malware takes aim at PostgreSQL database servers with never-before-seen techniques. An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution (RCE) vulnerability to compromise database servers. The malware is unusual and completely novel in a host of ways, researchers said. According to researchers . . . Read more
Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others. Advanced persistent threat (APT) groups are actively exploiting a vulnerability in mobile device management security solutions from MobileIron, a new advisory warns. The issue in question (CVE-2020-15505) is . . . Read more
WordPress websites using buggy Epsilon Framework themes are being hunted by hackers. Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers. According to the Wordfence Threat Intelligence team, more than 7.5 million probes targeting these . . . Read more