Advisories

Twitter has sent out an alert to all its users asking them to change their passwords. This came after Twitter’s team found that users’ passwords were recorded in plain text in a log file accessible only internally.

This advisory focuses on the CISCO XE vulnerability.

This advisory focuses on the Remote Code Execution vulnerability.

There are confirmed usable exploits targeting memcached servers by leveraging Distributed Denial of Service attacks. Red Hat has published guidance on how to prevent this type of attack.

MITRE CNA - In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

The scans from a recently completed binary code scan for known security vulnerabilities in Wi-Fi routers show that while KRACK may be the newest and potentially most harmful WPA2 security vulnerability, the firmware offered by router OEMs contains numerous known security vulnerabilities that can

CISCO – A vulnerability in the XML parser of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

There are confirmed vulnerabilities in the most commonly used computer microprocessor architectures (current analysis shows this affects chips manufactured by Intel, AMD and ARM).

All versions of Samba from 4.0.0 onwards are vulnerable to a use-after-free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. This may be exploited to compromise a server. Administrators are advised to patch.

Microsoft released guidance to ensure that Microsoft Office applications are properly secured when processing Dynamic Data Exchange (DDE) Fields.

The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organisations to develop, purchase and maintain applications and APIs that can be trusted.

The Global Cyber Alliance (GCA) and its partners (IBM Security & Packet Clearing House) have launched a DNS service that will help users improve their privacy and security protection against web-based threats.

The good news is that the WordPress security team has worked out a release to fix this vulnerability. For those using WordPress themes for their websites, kindly see further instructions on how to update to Version 4.8.3 via:

This Flash vulnerability could allow remote code execution, and is rated as Critical.

Bad Rabbit ransomware encrypts victims’ files and disk using the AES-128-CBC and RSA-2048 algorithms.

These vulnerabilities affect devices running IOS and IOS XE software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released.

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address two critical memory corruption vulnerabilities that could lead to code execution.

Microsoft released security updates to provide additional protections against malicious attackers.