The National Security Agency (NSA) issued a new warning of Russian cyber actors exploiting an Exim Mail Transfer Agent (MTA) vulnerability CVE-2019-10149. The cyber attacks have been ongoing since last August.
Apple has released security updates for macOS Catalina 10.15.5, Safari 13.1.1, iOS 13.5 and other products.
Security researchers have discovered a new version of Sarwent malware that has new command functionality, such as executing PowerShell commands and preference for using RDP.
Microsoft has issued an out-of-band patch for a privileged escalation vulnerability in Microsoft Edge (Chromium-based). Microsoft said the vulnerability CVE-2020-1195 exists in Edge when the Feedback extension improperly validates input.
Cisco patched a Critical RCE vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX). The company also addressed a DoS vulnerability in MDS 9000 Series Switches.
Drupal has released security updates to address cross-site scripting (XSS) and Open Redirect vulnerabilities affecting Drupal 7, 8.7, and 8.8.
Adobe has released security updates to address vulnerabilities in Premiere Pro, Premiere Rush and Audition products. Successful exploitation could lead to information disclosure.
The Internet Systems Consortium (ISC) has released two security updates that fix vulnerabilities on multiple versions of BIND. In addition, Microsoft also issued a new DNS security advisory and workaround. The flaws could allow a remote attacker to exploit and cause a denial of service condition.
U.S. government cybersecurity experts are providing guidance on the "top 10" most commonly exploited vulnerabilites. The alert helps highlight the importance of patching and prioritizing vulnerabilities with known exploits.
A security researcher disclosed four vulnerabilities in QNAP PhotoStation and CGI programs. All QNAP network-attached storage (NAS) devices running Photo Station are vulnerable and of those, approximately 450,000 QNAS NAS devices are exposed to the internet.