Microsoft has issued a new security advisory for two remote code execution (RCE) vulnerabilities in Adobe Type Manager (ATM) Library exploited in the wild. Microsoft also published several workarounds to reduce risk until a patch is rolled out.
Trend Micro has patched five vulnerabilities in multiple products. The updates address two zero-days - one Critical risk vulnerability CVE-2020-8467 and another High risk vulnerability CVE-2020-8468 under active attack in the wild. In addition, the company also patched three other Critical vulnerabilities that require no authentication to exploit.
Google has released security update for Chrome (80.0.3987.122) for Windows, Mac and Linux. The update also patches a zero-day vulnerability CVE-2020-6418 exploited in the wild.
Microsoft issued the February 2020 Security Updates that include 101 unique vulnerability fixes, 13 of those rated critical. The update also includes a patch for an IE zero-day scripting engine vulnerability CVE-2020-0674 disclosed in January.
Security experts from Microsoft have revealed threat actors are increasingly using web shell attacks in their campaigns. Microsoft's investigation revealed actors such as ZINC, KRYPTON, and GALLIUM, exploit known vulnerabilities to implant web shells on internet-facing web servers.
Just a day after releasing Firefox 72, the Mozilla Foundation released a new security update 72.0.1 that addresses a critical security vulnerability under active attack.
Security firm Verint analyzed the top 20 vulnerabilities to patch now that are under active attack and exploited by cyber attack groups worldwide. The report is aimed at assisting security teams in prioritizing and enhancing their organization's patch management efforts.
Fraudsters are actively exploiting a bug in Firefox that causes the browser to freeze with a warning message the victim computer is running a pirated version of Windows.
Google has released a new security update for Chrome browser 78.0.3904.87 for Windows, Mac and Linux. There are reports of one of those vulnerabilities CVE-2019-13720 being exploited in the wild.
An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software, used on over 100,000 social websites.