Microsoft released 10 security bulletins on Patch Tuesday that included patches for five zero day vulnerabilities under attack that had not been publicly disclosed until today.
Tag Archives: remote code execution
Beware! You Can Get Hacked Just by Opening a 'JPEG 2000' Image
Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library, which could allow an attacker to remotely execute arbitrary code on the affected systems.
Discovered by security researchers at Cisco Talos group, the zero-day flaw, assigned as TALOS-2016-0193/CVE-2016-8332, could allow an out-of-bound heap write to occur
Critical MySQL Vulnerability Disclosed
A researcher has disclosed some details and a limited proof-of-concept for a critical MySQL vulnerability. The flaw has been patched in MariaDB and PerconaDB.
A Month Without Adobe Flash Player Patches
Adobe rolled out patches for four vulnerabilities in Adobe Experience Manager, the first time since January its monthly patch release cycle has not included a Flash Player security update.
PornHub Pays Hackers $20,000 to Find Zero-day Flaws in its Website
Cyber attacks get bigger, smarter, more damaging.
PornHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded.
Now, it turns out that the world’s most popular pornography site has paid its first bounty payout. But how much?
US $20,000!
<!– adsense –>
Yes, PornHub has paid $20,000
3 Popular Drupal Modules Found Vulnerable — Patch Released
Just yesterday, I wrote a warning article announcing that Drupal – the popular open source content management system – will release patches for several highly critical Remote Code Execution (RCE) bugs that could allow attackers to fully take over any affected site.
Below are the three separate Drupal modules that affect up to 10,000 websites:
1. RESTful Web Services – a popular module used
Drupal Patches Remote Code Execution Vulnerabilities in Three Modules
Developers with the open source content management framework Drupal patched a series of highly critical remote code execution bugs in three separate modules today. If exploited, the bugs could let an attacker take over any site running the modules.
Cisco Won’t Patch Critical RV Wireless Router Vulnerability Until Q3
Cisco said its RV wireless routers and firewalls are vulnerable to remote code execution at root level. A Q3 2016 firmware update will patch the flaw.
Lenovo Tells Users to Uninstall Vulnerable Updater
An advisory from PC maker Lenovo recommends that users uninstall Lenovo Accelerator Application, which includes components rife with security vulnerabilities.
Microsoft Patches JScript, VBScript Flaw Under Attack
Microsoft’s Patch Tuesday security bulletins include a patch for a JScript and VBScript scripting engine vulnerability being publicly exploited.