Oracle has released a Critical Patch Update Advisory for multiple security vulnerabilities (January 2019). The advisory further states that ‘Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes.
The Adobe Product Security Incident Response Team (PSIRT) released security updates for Adobe Acrobat and Reader products targeting Windows and MacOS users.
Redhat security advisory reveals that ‘An integer overflow flaw was found in the Linux kernel's create_elf_tables() function.
As per the Cisco Security Advisory, a vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot.
Twitter has sent out an alert to all its users asking them to change their passwords. This after Twitter’s team found out that their user’s passwords were recorded in plain text in a log file accessible only internally.
This advisory focuses on the CISCO XE vulnerability.
This advisory focuses on the Remote Code Execution vulnerability.
There are confirmed usable exploits targeting memcached servers by leveraging Distributed Denial of Service attacks. Red Hat has come out to provide guidance on how to prevent this type of attack.
MITRE CNA - In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
The Scans from a recently completed binary code scan for known security vulnerabilities in Wi-Fi routers show that while KRACK may be the newest and potentially most harmful WPA2 security vulnerability, the firmware offered by router OEMs contains numerous known security vulnerabilities that can
CISCO – A vulnerability in the XML parser of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
There are confirmed vulnerabilities in most commonly used computer microprocessor architectures (Current analysis shows this affects chips manufactured by Intel, AMD and ARM).
All version of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. This maybe exploited to compromise a server. Administrators are advised to patch up.
Microsoft released guidance to ensure that Microsoft Office applications are properly secured when processing Dynamic Data Exchange (DDE) Fields.
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organisations to develop, purchase and maintain applications and APIs that can be trusted.
The Global Cyber Alliance (GCA) and its partners (IBM Security & Packet Clearing House) have launched a DNS service that will assist user’s improve their privacy and security protection against web based threats.
Good news is that the WordPress security team has worked out a release to fix this vulnerability. For those using the WordPress themes for your websites, kindly see further instructions on how to update to Version 4.8.3 via:-
This Flash vulnerability could allow remote code execution, and is rated as Critical.
Bad Rabbit ransomware encrypts victim’s files and disk using the AES-128-CBC and RSA-2048 algorithms