Microsoft gives the ‘wormable’ flaw a security rating of 10 – the most severe warning possible.
An authentication-bypass vulnerability allows attackers to access network assets without credentials when SAML is enabled on certain firewalls and enterprise VPNs.
The June Patch Tuesday update included CVEs for 11 critical remote code-execution vulnerabilities and concerning SMB bugs.
The Russian spy group, a.k.a. BlackEnergy, is actively compromising Exim mail servers via a critical security vulnerability.
CVE-2020-10245, a heap-based buffer overflow that rates 10 out of 10 in severity, exists in the CODESYS web server and takes little skill to exploit.
The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices.
RCE and myriad other types of attacks could take aim at the 19 percent of vulnerable companies that haven’t yet patched CVE-2019-19781.
Are publicly released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week’s news wrap.
The patches are part of Adobe’s regularly scheduled fixes.
Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.