Microsoft fixes four zero-day flaws in Exchange Server exploited by China’s ‘Hafnium’ spies to steal victims’ data

Patch ASAP: Holes used to raid top-tier targets and stash info in Kim Dotcom’s old cloud file locker

Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from US-based defense contractors, law firms, and infectious disease researchers.… The Register – Security

Supermicro, Pulse Secure release fixes for ‘TrickBoot’ attacks

Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware’s UEFI firmware-infecting module, known as TrickBoot. […] BleepingComputer

Symantec Fixes Privilege Escalation Flaw in Endpoint Protection

Symantec fixed a local privilege escalation security flaw affecting all Symantec Endpoint Protection software versions prior to 14.2 RU2, and allowing attackers to escalate privileges on compromised devices and execute malicious code using SYSTEM privileges. […] BleepingComputer

Cisco fixes small business routers, kills eavesdropping vulnerability in conferencing devices

Cisco has released security updates for a variety of its products – owners of Small Business RV Series Routers, Web Security Appliances and TelePresence devices should pay extra attention.

Small Business Routers: Several series of Cisco Small Business RV Series Routers are vulnerable to remote code execution (via malicious HTTP request) and command injection (through […]

Oracle Fixes Critical Bug in WebLogic Server Web Services

Oracle on Tuesday announced a patch for a remote code execution vulnerability affecting specific versions of the WebLogic Server. The bug bypasses a previously fixed flaw and researchers say it is actively used in attacks. […] BleepingComputer
