Patch ASAP: Holes used to raid top-tier targets and stash info in Kim Dotcom’s old cloud file locker Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from US-based defense contractors, law firms, and infectious disease researchers.… The Register – Security
Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware’s UEFI firmware-infecting module, known as TrickBoot. […] BleepingComputer
Symantec fixed a local privilege escalation security flaw affecting all Symantec Endpoint Protection software versions prior to 14.2 RU2, and allowing attackers to escalate privileges on compromised devices and execute malicious code using SYSTEM privileges. […] BleepingComputer
Cisco has released security updates for a variety of its products – owners of Small Business RV Series Routers, Web Security Appliances and TelePresence devices should pay extra attention. Small Business Routers Several series of Cisco Small Business RV Series Routers are vulnerable to remote code execution (via malicious HTTP request) and command injection (through […]
Oracle on Tuesday announced a patch for a remote code execution vulnerability affecting specific versions of the WebLogic Server. The bug bypasses a previously fixed flaw and researchers say it is actively used in attacks. […] BleepingComputer