OpenSSL has released security updates to address several vulnerabilities that impact previous versions of OpenSSL 1.1.0 and 1.0.2.
Microsoft issued new security guidance on the Credential Security Support Provider protocol (CredSSP) vulnerability (CVE-2018-0886) that could allow remote code execution. As part of the updates, Microsoft plans to soon prevent unpatched RDP clients (that use CredSSP) from authenticating to Windows.
Microsoft issued March 2018 Security Updates that include 75 vulnerability fixes, 15 of them rated critical. The updates address multiple Microsoft products, including Windows, Internet Explorer, Edge, Exchange, Office, Office Services and Web Apps, ChakraCore, PowerShell and Adobe Flash.
Hackers attacked over 1,400 Apache Solr servers late last month to install a cryptocurrency miner. Researchers say the attack resembles a similar campaign discovered back in January that targeted systems running unpatched Oracle WebLogic software. In that attack, hackers installed a mining rig used to mine Monero cryptocurrency.
Nearly 400,000 servers are at risk from a remote code execution vulnerability that impacts the open-source Exim message transfer agent (MTA).
Microsoft provided security updates earlier this week to address the Spectre Variant 2 (CVE-2017-5715) data-leaking vulnerability that affects Intel's Skylake H/S (6th generation Core CPUs) and Skylake U/Y & Skylake U23e (6th Generation Core m Processors).
Duo Labs has found SAML protocol vulnerabilities that impact multiple vendor single sign-on (SSO) systems.
Trend Micro security researchers have spotted an Oracle vulnerability that is being abused to deliver dual Monero miner malware. The Oracle WebLogic WLS-WSAT vulnerability (CVE-2017-10271) allows remote code execution and was patched by Oracle back in October.
Apple is rushing to fix another 'Text Bomb' bug that crashes a number of iOS and Mac apps.