Security experts are again warning that advanced persistent threat (APT) actors are exploiting vulnerabilities in multiple Virtual Private Network (VPN) applications.
Microsoft has re-released security and software updates that include the patch for Critical IE CVE-2019-1367 recently exploited in the wild. The latest update addresses a known printing issue reported by customers after the last patch was released on September 23, 2019.
Cisco has released ten Cisco Security Advisories that address 18 high risk vulnerabilities in Cisco ASA, FMC and FTD software.
Attackers are using a "fileless" malware dubbed Divergent to generate revenue via click-fraud. Divergent further uses NodeJS and a WinDivert utlility to facilitate the malware attack.
Apple released security updates that fix vulnerabilities in iOS, iPadOS, Safari, tvOS and other products.
An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software. vBulletin is used on over 100,000 social websites.
Microsoft has released out-of-band patches for Internet Explorer and Microsoft Defender products. The IE zero-day bug is marked critical and is actively exploited in the wild.
Atlassian has issued a security update for Jira Service Desk Server and Jira Service Desk Data Center. The update includes a fix for a critical URL path traversal vulnerability CVE-2019-14994 that could allow information disclosure.
A security researcher recently detected a zero-day CSRF vulnerability CVE-2019-12922 in phpMyAdmin 126.96.36.199, which allows the deletion of any server in the Setup page.
VMware issued a security advisory for two vulnerabilities that impact multiple VMware products. The vulnerability severity ranges from a CVSS v3 base score of 4.7 to 8.5.