The Microsoft bug is a zero-click remote code execution vulnerability for macOS, Windows and Linux, which means the recipient of a Teams message does not need to perform any sort of action to be infected.
Google stepped out of band this week to patch two Chrome zero-day vulnerabilities currently being exploited in the wild that researchers say if left unpatched could allow hackers to compromise user devices.
Microsoft today released 87 patches – 11 of them critical – and a slew of RCE vulnerabilities while Adobe released patches for Adobe Flash Player across multiple platforms today. This marks the first time since February that Microsoft patched fewer than 100 CVEs. Leading the pack this month from Microsoft are a TCP/IP-related flaw and…
A Windows vulnerability recently patched by Microsoft, registering a CVSS score of 10, could allow attackers instant access to Active Directory. The vulnerability (CVE-2020-1472) subverts Netlogon cryptography, providing a gateway to an enterprise’s internal network for an intruder to gain Domain Admin status with one click, according to a Secura blog post. “This flaw allows…
Are organizations better off today than they were three years ago when a devastating breach at Equifax exposed sensitive customer data and poor security practices in equal measure? The consensus among experts is that companies still have a ways to go. “Unfortunately, not much has changed,” said Greg Foss, senior threat researcher from VMware Carbon…
Adobe Tuesday released critical security updates for Adobe InDesign, Framemaker and Experience Manager, addressing multiple vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user, the company warned. “While only a few are marked critical, even less critical vulnerabilities are targeted and exploited to gain access to a system, which…
In a Patch Tuesday to rival June’s security update, Microsoft fixed 129 new software vulnerabilities, including 23 critical flaws, impacting multiple platforms, including the Windows Graphic Device Interfaces (GDI), Microsoft SharePoint and Microsoft Exchange Server. Justin Knapp, Automox product marketing manager, attributed the patch laundry list to a remote workforce not going back to offices en masse…
Applying a security update to a CVE released more than a year ago could have prevented a hacker from publishing plaintext usernames and passwords, as well as IP addresses, for more than 900 Pulse Secure VPN enterprise servers. “The lesson here? Patch, patch, patch,” said Laurence Pitt, global security strategy director at Juniper Networks. “The…
A newly discovered serious vulnerability – dubbed “BootHole” – with a CVSS rating of 8.2 could unleash attacks that could gain total control of billions of Linux and Windows devices. Security firm Eclypsium researchers released details today about how the flaw can take over nearly any device’s boot process. The majority of laptops, desktops, servers,…
Dell issued a patch for a path traversal vulnerability found in the Integrated Dell Remote Access Controller (iDRAC) that could allow criminals to obtain full control of server operations. The vulnerability scored a CVSS rating of 7.1. iDRAC was designed for secure local and remote server management to help IT administrators deploy, update and monitor…
