APT attackers exploit multiple VPN software vulnerabilities
Security experts are again warning that advanced persistent threat (APT) actors are exploiting vulnerabilities in multiple Virtual Private Network (VPN) applications.
Microsoft re-releases patch for Critical IE CVE-2019-1367 (exploited in wild)
Microsoft has re-released security and software updates that include the patch for Critical IE CVE-2019-1367 recently exploited in the wild. The latest update addresses a known printing issue reported by customers after the last patch was released on September 23, 2019.
Cisco fixes 18 high risk vulnerabilities in ASA, FMC and FTD software
Cisco has released ten Cisco Security Advisories that address 18 high risk vulnerabilities in Cisco ASA, FMC and FTD software.
Divergent “fileless” NodeJS malware used for click-fraud
Attackers are using a "fileless" malware dubbed Divergent to generate revenue via click-fraud. Divergent further uses NodeJS and a WinDivert utlility to facilitate the malware attack.
Apple security updates for iOS 13, macOS and other products (update)
Apple released security updates that fix vulnerabilities in iOS, iPadOS, Safari, tvOS and other products.
Hacker publishes vBulletin zero-day exploit
An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software. vBulletin is used on over 100,000 social websites.
Microsoft issues out-of-band patches (Critical IE CVE-2019-1367 exploited in wild)
Microsoft has released out-of-band patches for Internet Explorer and Microsoft Defender products. The IE zero-day bug is marked critical and is actively exploited in the wild.
Jira Service Desk critical security update
Atlassian has issued a security update for Jira Service Desk Server and Jira Service Desk Data Center. The update includes a fix for a critical URL path traversal vulnerability CVE-2019-14994 that could allow information disclosure.
phpMyAdmin zero-day vulnerability (CVE-2019-12922)
A security researcher recently detected a zero-day CSRF vulnerability CVE-2019-12922 in phpMyAdmin 4.9.0.1, which allows the deletion of any server in the Setup page.
VMware patches two vulnerabilities in multiple products
VMware issued a security advisory for two vulnerabilities that impact multiple VMware products. The vulnerability severity ranges from a CVSS v3 base score of 4.7 to 8.5.