Ken's Automated News Feed Aggregator
Current Description. In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake w…
Continue ReadingMicrosoft has addressed 120 vulnerabilities with its August 2020 Patch Tuesday updates, including a Windows spoofing bug and a remote code execution flaw in Internet Explorer that have been exploited in attacks. The Windows spoofing vulnerability, trac…
Continue ReadingTeamViewer recently patched a high-risk vulnerability in its desktop app for Windows by releasing a new version of its software, which if exploited, could let remote attackers steal your system password and potentially exploit it. What’s more worrying …
Continue ReadingExploit availability: No Description. CWE-401 – Improper Release of Memory Before Removing Last Reference (‘Memory Leak’) The vulnerability allows a remote attacker to gain access to sensitive information. The vulnerability exists due memory leak. A re…
Continue Readingtechnology Citrix releases fix for software bug that hackers ‘will move quickly to exploit’
Citrix has released patches for the bugs in its mobile-networking software.
Written by Aug 11, 2020 | CYBERSCOOP. Sean Lyngaas A newly revealed set of vulnera…
Continue Reading.
Citrix on Tuesday released patches to address multiple vulnerabilities in Citrix Endpoint Management (CEM), which allow an attacker to gain administrative privileges on affected systems. Often referred to as XenMobile, the Citrix Endpoint Management…
Continue ReadingAdobe has plugged 11 critical security holes in Acrobat and Reader, which if exploited could allow attackers to remotely execute code or sidestep security features in the app. As part of its regularly scheduled security updates , Tuesday, Adobe fixed c…
Continue Reading(published: August 8, 2020) During this year’s DEF CON conference, security researcher Barak Sternberg has shown how vulnerabilities in IoT devices could be compromised. When a user registers a new account on the mobile application, another account is …
Continue ReadingJScript RAT in Our Browser. We observed the c.js JScript RAT downloaded from the assurancetemporaireenligne[.]com domain on April 18. The PowerShell command used by the exploit of the CVE-2019-0752 vulnerability can be found in Figure 1. In this sectio…
Continue ReadingAn update that solves two vulnerabilities and has two fixes is now available. SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2194-1 Rating: mod…
Continue Reading