Advisories

Microsoft will stop supporting and releasing updates for Windows 7 on 14 January 2020. This means there will be no technical support or software and security updates from Microsoft. Continued use of Windows 7 after this date will leave users exposed to an array of cyber threats.

Popular app “FaceApp” that offers various face-modification features is free for download but offers in-app paid features. Since the app received huge media attention scammers have created a FAKE app called “FaceApp Pro” or FaceApp Premium and are offering it FREE for download on a fake website.

An existing buffer overflow vulnerability in WhatsApp Voice Over IP (VOIP) stack allowed Remote Code Execution (RCE) through specially crafted series of Secure Real-Time Protocol (SRTCP) packets sent to a target phone number. All users are advised to update their apps to the latest version.

Researchers at Bleeping Computer have analysed the STOP ransomware and established that in addition to encrypting a victim’s file, the ransomware installs the ‘azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, desktop files and more.’ Systems administrators sh

A vulnerability discovered in Microsoft Windows 7, Windows Server 2008 and Windows Server 2008 R2 SP1 exists due to a Win32k component poorly processing objects in memory.

Oracle has released a Critical Patch Update Advisory for multiple security vulnerabilities (January 2019). The advisory further states that ‘Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes.

The Adobe Product Security Incident Response Team (PSIRT) released security updates for Adobe Acrobat and Reader products targeting Windows and MacOS users.

Redhat security advisory reveals that ‘An integer overflow flaw was found in the Linux kernel's create_elf_tables() function.

As per the Cisco Security Advisory, a vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot.

Twitter has sent out an alert to all its users asking them to change their passwords. This after Twitter’s team found out that their user’s passwords were recorded in plain text in a log file accessible only internally.

This advisory focuses on the CISCO XE vulnerability.

This advisory focuses on the Remote Code Execution vulnerability.

There are confirmed usable exploits targeting memcached servers by leveraging Distributed Denial of Service attacks. Red Hat has come out to provide guidance on how to prevent this type of attack.

MITRE CNA - In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

The Scans from a recently completed binary code scan for known security vulnerabilities in Wi-Fi routers show that while KRACK may be the newest and potentially most harmful WPA2 security vulnerability, the firmware offered by router OEMs contains numerous known security vulnerabilities that can

CISCO – A vulnerability in the XML parser of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

There are confirmed vulnerabilities in most commonly used computer microprocessor architectures (Current analysis shows this affects chips manufactured by Intel, AMD and ARM).

All version of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. This maybe exploited to compromise a server. Administrators are advised to patch up.

Microsoft released guidance to ensure that Microsoft Office applications are properly secured when processing Dynamic Data Exchange (DDE) Fields.

The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organisations to develop, purchase and maintain applications and APIs that can be trusted.