Microsoft issued March 2018 Security Updates that includes 75 vulnerability fixes, 15 of them rated critical. The updates address multiple Microsoft products to include Windows, Internet Explorer, Edge, Exchange, Office, Office Services and Web Apps, ChakraCore, PowerShell and Adobe Flash.
Hackers have attacked over 1,400 Apache Solr servers late last month to install a cryptocurrency miner. Researchers say the attack resembles a similar campaign discovered back in January that targeted systems running unpatched Oracle WebLogic software. In that attack, hackers installed a mining rig used to mine Monero cryptocurrency.
Nearly 400,000 servers are at risk to a remote code execution vulnerability that impacts open-source Exim message transfer agent (MTA).
Microsoft provided security updates earlier this week to address the Spectre Variant 2 (CVE 2017-5715) data leaking vulnerability that affects Intel's Skylake H/S (6th generation Core CPUs) and Skylake U/Y & Skylake U23e (6th Generation Core m Processors).
Duo Labs has found SAML protocol vulnerabilities that impact multiple vendor single sign-on (SSO) systems.
Trend Micro security researchers have spotted an Oracle vulnerability that is being abused to deliver dual Monero miner malware. The Oracle WebLogic WLS-WSAT vulnerability (CVE-2017-10271) allows remote code execution and was patched by Oracle back in October.
Apple is rushing to fix a another 'Text Bomb' bug that crashes a number of iOS and Mac apps.
Security researchers from Trend Micro have spotted two vulnerabilities that are being exploited on popular CouchDB open source database management systems.
Microsoft issued February 2018 Security Updates that includes more than 50 fixes, 14 of them critical. The updates address multiple Microsoft products to include Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore and Adobe Flash.
Trend Micro researchers detected a new variant of Android Remote Access Tool (AndroRAT) that targets an older publicly disclosed vulnerability (CVE-2015-1805) that allows an attacker to compromise older Android devices to perform privilege escalation.