Critical Vulnerabilities in Microsoft Windows Operating Systems

Posted by & filed under Security Alerts.

On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections: CryptoAPI…

Flaw in Elementor and Beaver Addons makes WordPress Sites vulnerable

Your website could easily get hacked if you are using “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor” and haven’t recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow remote attackers to gain administrative…

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school authentication bypass vulnerability in the BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an…

Actively Exploited StrandHogg Vulnerability Affects Android OS

A newly discovered Android vulnerability is actively exploited by malware such as the BankBot banking Trojan, and it impacts all versions of the operating system up to and including Android 10. The new vulnerability, discovered by Promon security researchers, was named StrandHogg, and it can be exploited without the need to root the device. Once exploited, it…

Check Point Patches Privilege Escalation Flaw in Endpoint Client

Check Point Software patched a vulnerability discovered in its Endpoint Security Initial Client software for Windows that allowed potential attackers to escalate privileges and execute code using SYSTEM privileges. The privilege escalation security flaw, tracked as CVE-2019-8790 (//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8790), makes it possible for attackers to run malicious payloads using system-level privileges as well as evade anti-malware detection…