Citrix Warns of Critical Flaws in XenMobile Server
Citrix said that it anticipates malicious actors “will move quickly to exploit” two critical flaws in its mobile device management software.
TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic
App concealed the practice of gathering device unique identifiers using an added layer of encryption.
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
Executive summary In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for…
Agent Tesla Spyware Adds Fresh Tricks to Its Arsenal
The RAT is surging in 2020, becoming more prevalent than even the infamous TrickBot or Emotet malware.
Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
One of the two zero-day bugs is rated ‘critical’ and is classified as a remote code-execution bug impacting Microsoft’s Internet Explorer.
Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules
A critical privilege-escalation flaw affects several popular Intel motherboards, server systems and compute modules.
Critical Adobe Acrobat and Reader Bugs Allow RCE
Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader.
Cybersecurity Skills Gap Worsens, Fueled by Lack of Career Development
The fundamental causes for the skill gap are myriad, starting with a lack of training and career-development opportunities.
Samsung Quietly Fixed Critical Galaxy Flaws Allowing Spying, Data Wiping
Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.
Researcher Publishes Bypass for Patch for vBulletin 0-Day Flaw
Three separate proof-of-concepts on Bash, Python and Ruby posted to outsmart fix issued last year to remedy pre-auth RCE bug.