ADVISORY: Ripple20 vulnerability advisories, patches, and updates

Posted by & filed under Security Alerts.

The dust is far from settled following the disclosure of the 19 vulnerabilities in the TCP/IP stack from Treck, collectively referred to as Ripple20, which could help attackers take full control of vulnerable devices on the network. Treck’s code is fundamental for the embedded devices it is implemented on because it provides them with network communication…

An Undisclosed Critical Vulnerability Affects vBulletin Forums

Posted by & filed under Security Alerts.

If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn’t reveal any information on the underlying security vulnerability, identified as CVE-2020-12720. Written in…

Critical Vulnerabilities in Microsoft Windows Operating Systems

Posted by & filed under Security Alerts.

On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections: CryptoAPI…

Flaw in Elementor and Beaver Addons Makes WordPress Sites Vulnerable

Posted by & filed under Security Alerts.

Your website could easily get hacked if you are using “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor” and haven’t recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow remote attackers to gain administrative…

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

Posted by & filed under Security Alerts.

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school authentication bypass vulnerability in the BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an…