Security News

Microsoft warns of critical PowerShell 7 code execution vulnerability
2021-07-02 13:20

NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in. PowerShell provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.

Zephyr RTOS fixes Bluetooth bugs that may lead to code execution
2021-06-22 18:03

The Zephyr real-time operating system for embedded devices received an update earlier this month that fixes multiple vulnerabilities that can cause a denial-of-service condition and potentially lead to remote code execution. Matias Karhumaa, a senior software engineer at Synopsys, an American electronic design automation company, found eight vulnerabilities in Zephyr after testing the lowest layers of the operating system's Bluetooth LE stack.

Lexmark Printers Open to Arbitrary Code-Execution Zero-Day
2021-06-22 16:17

Lexmark printers - those ubiquitous, inky office workhorses that fill homes and offices, and are found all the way on up to the federal government - have an unpatched vulnerability that could lead to serious, easy-to-execute attacks that require neither privileges nor user interaction and which can lead to arbitrary code execution. Beyond known security vulnerabilities, Lexmark printers have in the past been prone to a trivial hack thanks to what researchers have called "Gross negligence" on the part of users.

ALPACA: New TLS Attack Allows User Data Extraction, Code Execution
2021-06-10 11:26

Researchers from three universities in Germany have identified a new TLS attack method that can allow a man-in-the-middle attacker to extract user data or execute arbitrary code. The new attack, dubbed ALPACA, has been described as an "Application layer protocol content confusion attack."

Microsoft Office MSGraph vulnerability could lead to code execution
2021-06-08 15:15

Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine. According to the researchers, the issue is in a MSGraph file parsing function, which "Is commonly used across multiple different Microsoft Office products, such as Excel, Office Online Server and Excel for OSX.".

Siemens Addresses Code Execution Vulnerabilities Found in Popular CAD Library
2021-05-27 11:13

Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product. The vulnerabilities were discovered in Siemens Solid Edge last year by security researcher Andrea Micalizzi, who has identified many vulnerabilities in industrial systems over the past years.

Code Execution Flaw in Checkbox Survey Exploited in the Wild
2021-05-27 03:48

A Checkbox Survey vulnerability that could allow a remote attacker to execute arbitrary code without authentication is being exploited in the wild, the CERT Coordination Center at Carnegie Mellon University warns. A flexible online survey tool written in ASP.NET, Checkbox Survey helps organizations create professional surveys that can be easily accessed from either desktop computers or mobile devices.

Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure
2021-05-14 13:29

Cisco this week announced the availability of patches for a high-severity vulnerability in AnyConnect Secure Mobility Client that could be exploited for code execution. Initially disclosed in November 2020, the flaw affects the interprocess communication channel of the secure VPN application and could be abused by a local attacker to cause an AnyConnect user to run a malicious script.

21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk
2021-05-05 17:20

Researchers at security biz Qualys discovered 21 vulnerabilities in Exim, a popular mail server, which can be chained to obtain "a full remote unauthenticated code execution and gain root privileges on the Exim Server." Exim is a mail transfer agent, responsible for receiving and forwarding email messages.

Microsoft finds critical code execution bugs in IoT, OT devices
2021-04-29 22:05

Microsoft security researchers have discovered over two dozen critical remote code execution vulnerabilities in Internet of Things devices and Operational Technology industrial systems. Threat actors can exploit them to trigger system crashes and execute malicious code remotely on vulnerable IoT and OT systems.