Firefox security update (72.0.1) fixes Critical vulnerability under attack
Just a day after releasing Firefox 72, the Mozilla Foundation released a new security update 72.0.1 that addresses a critical security vulnerability under active attack.
The top 20 vulnerabilities to patch now (that are most under attack)
Security firm Verint analyzed the top 20 vulnerabilities to patch now that are under active attack and exploited by cyber attack groups worldwide. The report is aimed at assisting security teams in prioritizing and enhancing their organization's patch management efforts.
Scammers exploit Firefox bug and post scary warning message
Fraudsters are actively exploiting a bug in Firefox that causes the browser to freeze with a warning message the victim computer is running a pirated version of Windows.
Chrome security update fixes zero-day exploited in the wild
Google has released a new security update for Chrome browser 78.0.3904.87 for Windows, Mac and Linux. There are reports of one of those vulnerabilities CVE-2019-13720 being exploited in the wild.
Hacker publishes vBulletin zero-day exploit
An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software. vBulletin is used on over 100,000 social websites.
Microsoft issues out-of-band patches (Critical IE CVE-2019-1367 exploited in wild)
Microsoft has released out-of-band patches for Internet Explorer and Microsoft Defender products. The IE zero-day bug is marked critical and is actively exploited in the wild.
phpMyAdmin zero-day vulnerability (CVE-2019-12922)
A security researcher recently detected a zero-day CSRF vulnerability CVE-2019-12922 in phpMyAdmin 4.9.0.1, which allows the deletion of any server in the Setup page.
Microsoft September 2019 Security Updates
Microsoft issued the September 2019 Security Updates that include 79 unique vulnerability fixes, 17 of those rated critical. In addition, two of the patches address two 0-day Privileged Escalation vulnerabilities CVE-2019-1214 and CVE-2019-1215.
iOS exploit chains discovered in the wild
A group of hackers have been using compromised websites to launch watering hole attacks against iPhone users who visit the websites. The attacks also use five different exploit chains and exploit 0-day vulnerabilities that don't require any user interaction.
Firefox security update fixes critical zero-day flaw abused in the wild
Mozilla has released a security update that fixes a critical vulnerability in Firefox 67.0.3 and Firefox ESR 60.7.1.