/ Security News /

A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches …

/ Security News /

Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers. Hypertext Preprocessor, commonly known as PHP, is the most popular server-side web programming language …

/ Security News /

A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects modern Intel CPUs which leverage speculative-execution, and some AMD processors as well, Microsoft and Red Hat warn. Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, including passwords, …

/ Security News /

This is why you should always think twice before opening innocent looking email attachments, especially word and pdf files. Cybersecurity researchers at Cisco Talos have once again discovered multiple critical security vulnerabilities in the Atlantis Word Processor that allow remote attackers to execute arbitrary code and take over affected computers. An alternative to Microsoft Word, …

/ Security News /

Security researchers have discovered a serious code execution vulnerability in the LIVE555 streaming media library—which is being used by popular media players, along with a number of embedded devices capable of streaming media. LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application developers use to stream …

/ Security News /

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves hundreds of thousands of web applications open to remote code execution attacks, including websites powered by some …

/ Security Assessments News /

Foreshadow explained in a video. Another day, another speculative execution-based attack. Data protected by Intel’s SGX—data that’s meant to be protected even from a malicious or hacked kernel—can be read by an attacker thanks to leaks enabled by speculative execution. Since publication of the Spectre and Meltdown attacks in January this year, security researchers have …

When the Spectre and Meltdown attacks were disclosed earlier this year, the expectation was that these attacks would be the first of many, as researchers took a closer look at the way that the speculative execution in modern processors could be used to leak sensitive information and undermine the security of software running on those …

/ Security News /

A critical remote code execution vulnerability has been discovered in CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application. Enterprise password manager (EPV) solutions help organizations securely manage their sensitive passwords, controlling privileged accounts passwords across a wide range of …

/ Security News /

Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. Spring Framework is a popular, lightweight and an open source framework for developing Java-based enterprise applications.In an advisory released today …