/ Security News /

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. “CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for …

/ Security News /

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers end-to-end application lifecycle …

/ Security News /

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. “SoReL-20M” (short for Sophos-ReversingLabs – 20 Million), as it’s called, is a dataset containing metadata, labels, and …

/ Security News /

Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting …

/ Security News /

It’s not ‘Patch Tuesday,’ but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical vulnerabilities. The list of affected software includes Adobe Illustrator, Adobe Bridge, and Magento e-commerce platform, containing a total of 35 vulnerabilities where each one of them is affected with …

/ Security News /

Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability, tracked as CVE-2020-0796, in question is a remote code execution flaw that impacts Windows 10 version …

/ Security News /

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. The vulnerability, tracked as CVE-2019-0090, resides in the hard-coded firmware running on the ROM (“read-only …

/ Security News /

It’s now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix’s NetScaler ADC and …

/ Security Assessments News /

It has been a week since the release of Checkra1n, the world’s first jailbreak for devices running Apple’s iOS 13. Because jailbreaks are so powerful and by definition disable a host of protections built into the OS, many people have rightly been eyeing Checkra1n—and the Checkm8 exploit it relies on—cautiously. What follows is a list …

/ Security News /

A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update—Exim version 4.92.3—after publishing an early warning two days ago, giving system administrators an …