exploits
June 19, 2019

Oracle issues emergency update to patch actively exploited WebLogic flaw

Security team KnownSec404 proof-of-concept image, showing an instance of Windows Calculator being run on the remote WebLogic server. (credit: KnownSec 404)

Oracle on Tuesday published an out-of-band update patching a critical code-execution vulnerability in its WebLogic server after researchers warned that the flaw was being actively exploited in the wild.

The vulnerability, tracked as CVE-2019-2729, allows an attacker to run malicious code on the WebLogic server without any need for authentication. That capability earned the vulnerability a Common Vulnerability Scoring System score of 9.8 out of 10. The [...]

 
June 13, 2019

If you haven’t patched Vim or NeoVim text editors, you really, really should


A recently patched vulnerability in text editors preinstalled in a variety of Linux distributions allows hackers to take control of computers when users open a malicious text file. The latest version of Apple’s macOS is continuing to use a vulnerable version, although attacks only work when users have changed a default setting that enables a feature called modelines.

Vim and its forked derivative, NeoVim, contained a flaw that resided in modelines. This feature lets users specify window dimensions and other custom options near the start or end of a text file. While modelines restricts the commands [...]

 
June 5, 2019

New BlueKeep exploit shows the “wormable” danger is very, very real


For the past three weeks, security professionals have warned with increasing urgency that a recently patched Windows vulnerability has the potential to trigger attacks not seen since the WannaCry worm that paralyzed much of the world in 2017. A demonstration video circulating on the Internet is the latest evidence to prove those warnings are the real deal.

It was posted Tuesday by Sean Dillon, a senior security researcher at RiskSense. A play-by-play helps to underscore the significance of the feat.

Rough draft MSF module. Still too dangerous to release, lame sorry. Maybe [...]

 
May 31, 2019

Microsoft says it’s confident an exploit exists for wormable BlueKeep flaw


Microsoft security officials say they are confident an exploit exists for BlueKeep, the recently patched vulnerability that has the potential to trigger self-replicating attacks as destructive as the 2017 WannaCry attack that shut down computers all over the world.

In a blog post published late Thursday night, members of the Microsoft Security Response Center cited findings published Tuesday by Errata Security CEO Rob Graham that almost 1 million Internet-connected computers remain vulnerable to the attacks. That indicates those machines have yet to install an update Microsoft [...]
