Vulnerabilities & Exploits

The 2020 CWE Top 25 Most Dangerous Software Weaknesses

• Post author:Frank Crast
• Post published:August 22, 2020
• Post category:Application Security / Cybersecurity Articles / Vulnerabilities & Exploits

The Homeland Security Systems Engineering and Development Institute (HSSEDI), has released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.

Continue Reading The 2020 CWE Top 25 Most Dangerous Software Weaknesses

Cisco patches Critical default credentials vulnerability (CVE-2020-3446) in network appliances

• Post author:Frank Crast
• Post published:August 20, 2020
• Post category:Security Updates & Patches / Vulnerabilities & Exploits

Cisco patched a Critical default credentials vulnerability CVE-2020-3446 in Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series network appliances.

Continue Reading Cisco patches Critical default credentials vulnerability (CVE-2020-3446) in network appliances

Google releases Chrome security update (84.0.4147.135)

• Post author:Frank Crast
• Post published:August 20, 2020
• Post category:Security Updates & Patches / Vulnerabilities & Exploits

Google has released Chrome 84.0.4147.135 security update for Windows, Mac and Linux. An attacker could exploit these vulnerabilities to take control of impacted systems.

Continue Reading Google releases Chrome security update (84.0.4147.135)

Jenkins patches Critical vulnerability (CVE-2019-17638)

• Post author:Frank Crast
• Post published:August 18, 2020
• Post category:Application Security / Vulnerabilities & Exploits

Jenkins, a popular open source automation server software, has patched a Critical buffer corruption vulnerability CVE-2019-17638 in bundled Jetty.

Continue Reading Jenkins patches Critical vulnerability (CVE-2019-17638)

XCSSET mac malware targets Xcode projects to deliver malicious payloads

• Post author:Frank Crast
• Post published:August 17, 2020
• Post category:Cybersecurity Attacks / Malware / Vulnerabilities & Exploits

Security researchers have discovered a new mac malware dubbed XCSSET. The malware not only inserts malicious code into XCode projects, but also leverages two zero-days to exploit a flaw in Data Vaults and plant a JavaScript backdoor in Safari.

Continue Reading XCSSET mac malware targets Xcode projects to deliver malicious payloads

Apache patches two Struts 2 vulnerabilities

• Post author:Frank Crast
• Post published:August 14, 2020
• Post category:Security Updates & Patches / Vulnerabilities & Exploits

The Apache Software Foundation has patched two vulnerabilities in Apache Struts 2 that could result in remote code execution (RCE) or Denial of Service (DoS). An attacker could exploit one…

Continue Reading Apache patches two Struts 2 vulnerabilities

Microsoft August 2020 Security and Adobe Updates

• Post author:Frank Crast
• Post published:August 12, 2020
• Post category:Security Updates & Patches / Vulnerabilities & Exploits

Microsoft has released August 2020 Security updates, that includes a patch for an actively attacked memory corruption vulnerability (CVE-2020-1380) in the Scripting Engine. Adobe also released updates for Adobe Acrobat and Reader, as well as Lightroom.

Continue Reading Microsoft August 2020 Security and Adobe Updates

Google releases Chrome security update (84.0.4147.125)

• Post author:Frank Crast
• Post published:August 11, 2020
• Post category:Security Updates & Patches / Vulnerabilities & Exploits

Google has released Chrome 84.0.4147.125 security update for Windows, Mac and Linux.

Continue Reading Google releases Chrome security update (84.0.4147.125)

FBI: Cyberattackers target EOL Windows 7 systems

• Post author:Frank Crast
• Post published:August 6, 2020
• Post category:Configuration Management / Cybersecurity Attacks / Vulnerabilities & Exploits

The Federal Bureau of Investigation (FBI) issued a private industry notification warning that cyberattackers continue to target end of life (EOL) Windows 7 systems.

Continue Reading FBI: Cyberattackers target EOL Windows 7 systems

GRUB2 bootloader buffer overflow vulnerability

• Post author:Frank Crast
• Post published:August 1, 2020
• Post category:Security Updates & Patches / Vulnerabilities & Exploits

Security experts at the CERT Coordination Center are warning of a GRUB2 bootloader buffer overflow vulnerability that affects multiple products.

Continue Reading GRUB2 bootloader buffer overflow vulnerability