A security researcher has developed new proof-of-concept (PoC) code that can exploit an SMBv3 compression remote code execution (RCE) vulnerability CVE-2020-0796 on unpatched Windows systems.
Google has released Chrome 83.0.4103.97 for Windows, Mac and Linux. In addition, the company also released new versions of Chrome for iOS and Android.
The Mozilla Foundation has released Firefox 77 with new DevTool improvements and web platform updates. The update also includes fixes for multiple vulnerabilities.
Apple has released a patch for a previously disclosed "Unc0ver" jailbreak 0-day vulnerability. The security updates and patch address iOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, watchOS 6.2.6, tvOS 13.4.6 and other products.
TrickBot recently replaced one of its propagation modules "mworm" with new module named "nworm." The updated module can exploit vulnerable domain controllers (DCs) and evade detection by running in memory.
VMware issued a security advisory for multiple vulnerabilities that impact VMware ESXi, Workstation, Fusion, VMRC and Horizon Client products. An attacker could exploit one of these vulnerabilities and take control of an unpatched system.
The National Security Agency (NSA) issued a new warning of Russian cyber actors exploiting an Exim Mail Transfer Agent (MTA) vulnerability CVE-2019-10149. The cyber attacks have been ongoing since last August.
Apple has released security updates for macOS Catalina 10.15.5, Safari 13.1.1, iOS 13.5 and other products.
Security researchers have discovered a new version of Sarwent malware that has new command functionality, such as executing PowerShell commands and preference for using RDP.
Microsoft has issued an out-of-band patch for a privileged escalation vulnerability in Microsoft Edge (Chromium-based). Microsoft said the vulnerability CVE-2020-1195 exists in Edge when the Feedback extension improperly validates input.