Security

Pierluigi Paganini March 18, 2020
Cisco addresses multiple issues in its SD-WAN product

Cisco has addressed a total of five vulnerabilities in its SD-WAN solution, including three high severity flaws. Cisco has addressed five vulnerabilities in its SD-WAN solution, including three high severity flaws. The vulnerabilities could be exploited by attackers to make unauthorized changes to the system, inject arbitrary commands that are executed with root permissions, and […]

Pierluigi Paganini March 18, 2020
VMware fixes high severity privilege escalation and DoS in its products

VMware released security updates to address high severity privilege escalation and DoS in the Workstation, Fusion, VMware Remote Console and Horizon Client. VMware has released security updates to address high severity privilege escalation and denial-of-service (DoS) flaws in the Workstation, Fusion, Remote Console and Horizon Client. The two security vulnerabilities have been tracked as CVE-2020-3950 and CVE-2020-3951 respectively. The CVE-2020-3950 is […]

Pierluigi Paganini March 16, 2020
Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Organizations are delaying in patching Microsoft Exchange Server flaw (CVE-2020-0688) that Microsoft fixed with February 2020 Patch Day updates. Organizations are delaying in patching Microsoft Exchange Server flaw (CVE-2020-0688) that Microsoft fixed with February 2020 Patch Day updates. The CVE-2020-0688 flaw resides in the Exchange Control Panel (ECP) component, the root cause of the problem is that Exchange servers […]

Pierluigi Paganini March 16, 2020
Experts warn of a new strain of ransomware, the PXJ Ransomware

Experts warn of a new malware strain, dubbed PXJ Ransomware, that does share the same underlying code with existing ransomware families. Security experts from IBM X-Force have spotted a new strain of ransomware, dubbed PXJ Ransomware, that does share the same code with other known ransomware families. While PXJ performs typical ransomware functions, it does […]

Pierluigi Paganini March 14, 2020
Slack bugs allowed take over victims’ accounts

Slack addressed a critical flaw within 24 hours from its disclosure, the issue allowed attackers to carry out automate account takeover. The researcher Evan Custodio discovered a critical vulnerability in Slack that could have allowed attackers to launch automate account takeover. Slack addressed the vulnerability within 24 hours it was reported by the researcher, the […]

Pierluigi Paganini March 14, 2020
A bug in Tor Browser allows execution of JavaScript even in Safest security level

Tor Project maintainers warned users about a severe flaw in the Tor browser that may execute JavaScript code on sites it should not. The Tor Project announced a major bug in the Tor browser that may cause the execution of JavaScript code on sites for which users have specifically blocked JavaScript. The development team at […]

Pierluigi Paganini March 13, 2020
VMware fixes a critical bug in Workstation, Fusion that allows code execution on host From guest

VMware has fixed three serious flaws in its products, including a critical issue in Workstation and Fusion that allow code execution on the host from guest. VMware has addressed three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that could be exploited to execute code on the host from guest. […]

Pierluigi Paganini March 12, 2020
Microsoft fixes CVE-2020-0796, the SMBv3 wormable bug recently leaked

Microsoft released security updates to fix a recently disclosed CVE-2020-0796 vulnerability in SMBv3 protocol that could be abused by wormable malware. Microsoft has released security updates to address the CVE-2020-0796 vulnerability in SMBv3 protocol that could be exploited by vxers to implement “wormable” malware. On March 10, 2019, Microsoft accidentally leaked info on a security update for […]

Pierluigi Paganini March 12, 2020
Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Flaws Riddle Zyxel’s Network Management Software Experts have found tens of security vulnerabilities in Zyxel Network Management Software, including backdoors and hardcoded SSH keys. Security researchers Pierre Kim and Alexandre Torres have discovered several vulnerabilities Zyxel Cloud CNM SecuManager software that could expose users to cyber attacks. The Zyxel Cloud CNM SecuManager is a comprehensive […]

Pierluigi Paganini March 11, 2020
Office network at the European Network of Transmission System Operators for Electricity (ENTSO-E) breached

The European Network of Transmission System Operators for Electricity (ENTSO-E) disclose a security breach this week. The European Network of Transmission System Operators for Electricity (ENTSO-E) revealed this week that threat actors penetrated its network. ENTSO-E, the European Network of Transmission System Operators, represents 43 electricity transmission system operators (TSOs) from 36 countries across Europe, […]