Cybercrime, the CVE-2017-8570 vulnerability exploited to spread AgentTesla
CSIRT-Italy cybersecurity experts: The information of interest is then exfiltered via smtp.
NAME:WRECK vulnerabilities expose over 100 million devices
JSOF and Forescout cybersecurity experts: They are 9 flows affecting DNS clients of 4 TCP/IP stacks and causing DoS or RCE.
Cybercrime, web shell attacks on servers continue to grow
Microsoft cybersecurity experts: It may be attributed to how simple and effective they can be. Attackers exploit vulnerabilities in web applications.
WordPress, NextGen Gallery fixed its last vulnerabilities
Wordfence cybersecurity experts: The plugin with over 800,000 installations had two Cross-Site Request Forgery (CSRF) flaws
Cybercrime, WordPress hit by waves of attacks targeting Epsilon Framework themes
Wordfence cybersecurity experts: They exploit Function Injection and other older vulnerabilities, The aggressions seem to search flaws.
Cybersecurity, new severe RCE vulnerability on WebLogic Server
The company: It is remotely exploitable without authentication, letting remote attacker to take control of an affected system. Patch the CVE-2020-14750 now!
Cyber security, new RCE flaw on Microsoft Exchange Server
The researcher Steven Seeley: It’s due to improper validation of cmdlet arguments. Exploitation requires an authenticated user in a certain role. Patches have been released.
Cyber Security, Microsoft fixes urgently two Codec vulnerabilities
They are the CVE-2020-1425 and the CVE-2020-1457, and affects Library on several Windows 10 and Windows Server versions. Up to date, there aren’t any alternative mitigating measures.
Cyber Security, Microsoft patches the Windows 10 “SMBGhost”
The CVE-2020-0796 affected the Server Message Block 3.1.1 (SMBv3). It could enable remote and arbitrary code execution, potentially taking control of the system. Moreover, it was wormable.
Microsoft increase cyber security of its products fixing 59 vulnerabilities
Nine of them were “Critical”, the others “Important” or “Moderate”. The first could allow an attacker to take control of an affected system, thanks to RCS. UPDATE the systems now!