Mozilla releases Firefox 71
The Mozilla Foundation has released Firefox 71 that addresses multiple vulnerabilities. Attackers could exploit some of the vulnerabilities to take control of impacted systems.
Attackers reverse Outlook vulnerability CVE-2017-11774 patch functionality
Researchers at FireEye have spotted an uptick in active exploits of CVE-2017-11774, an Outlook security feature bypass vulnerability. Attackers are also actively reversing Outlook vulnerability patch functionality. To help protect against such exploits, FireEye has provided Outlook hardening guidelines.
StrandHogg Android vulnerability under active attack by dozens of malicious apps
Security researchers have discovered a dangerous Android vulnerability dubbed “StrandHogg” under active attack by dozens of malicious apps. To add, 500 of the most popular apps may also be vulnerable to the StrandHogg vulnerability.
Kaspersky finds dozens of VNC remote access vulnerabilities
Security experts from Kaspersky have discovered 37 vulnerabilities in four VNC implementations, some that have gone undetected since 1999.
Apache Solr Remote Code Execution vulnerability exploit code published
A security researcher has published proof of concept (PoC) for exploit code of an Apache Solr remote code execution vulnerability CVE-2019-12409.
BIND security update
The Internet Systems Consortium (ISC) has released a security update that fixes a vulnerability in multiple versions of ISC Berkeley Internet Name Domain (BIND).
Chrome browser and OS security updates
Google has released a new security update for Chrome browser 78.0.3904.108 for Windows, Mac and Linux, as well as a Chrome OS update.
GitHub launches ‘Security Lab’ to help secure open source software
GitHub, one of the world’s leading software development platforms, has launched GitHub Security Lab with aim to secure open source software.
VMware patches 5 vulnerabilities in multiple products
VMware has published a security advisory for multiple vulnerabilities that impact VMware ESXi, Workstation, and Fusion.
Microsoft November 2019 Security Updates
Microsoft issued the November 2019 Security Updates that include 74 unique vulnerability fixes, 13 of those rated critical. In addition, Microsoft provided guidance for a vulnerability CVE-2019-16863 in Trusted Platform Module (TPM).