Security News

Critical MobileIron RCE Flaw Under Active Attack
2020-11-25 16:55

Separately, the Cybersecurity and Infrastructure Security Agency in October warned that APT groups are exploiting the MobileIron flaw in combination with the severe Microsoft Windows Netlogon/Zerologon vulnerability. The flaw, first reported to MobileIron by Orange Tsai from DEVCORE, could allow an attacker to execute remote exploits without authentication.

UK urges orgs to patch critical MobileIron CVE-2020-15505 RCE bug
2020-11-24 14:31

The UK National Cyber Security Centre issued an alert yesterday, prompting all organizations to patch the critical CVE-2020-15505 remote code execution vulnerability in MobileIron mobile device management systems. NCSC is warning that they are aware of hacking groups actively using the MobileIron CVE-2020-1550 vulnerability to compromise the networks in the healthcare, local government, logistics, and legal sectors.

German COVID-19 Contact-Tracing Vulnerability Allowed RCE
2020-11-19 21:34

A security vulnerability in the infrastructure underlying Germany's official COVID-19 contact-tracing app, called the Corona-Warn-App, would have allowed pre-authenticated remote code execution. Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security Lab was chasing down RCE vulnerabilities on the platform and found one in the infrastructure supporting CWA for Android and OS. The team said it worked with SAP to mitigate the issue, adding as a server-side issue, the mobile apps themselves were not impacted, and that no data was collected beyond a device's IP address.

Widespread Scans Underway for RCE Bugs in WordPress Websites
2020-11-18 21:53

Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers. "The security flaws on WordPress websites in themes using the Epsilon Framework are just another example of this content management system's inherent security risks," said Ameet Naik, security evangelist at PerimeterX, via email.

Researcher Discloses Critical RCE Flaws In Cisco Security Manager
2020-11-17 08:09

Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager a week after the networking equipment maker quietly released patches with version 4.22 of the platform. The flaws were responsibly reported to Cisco's Product Security Incident Response Team three months ago, on July 13.

WordPress Patches 3-Year-Old High-Severity RCE Bug
2020-10-30 20:56

The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack. Of the ten security bugs patched by WordPress a standout flaw, rated high-severity, could be exploited to allow an unauthenticated attacker to execute remote code on systems hosting the vulnerable website.

Oracle WebLogic Server RCE Flaw Under Active Attack
2020-10-29 14:49

The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn. If an organization hasn't updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: "Assume it has been compromised."

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)
2020-10-29 11:29

A critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle WebLogic is a Java EE application server that is part of Oracle's Fusion Middleware portfolio and supports a variety of popular databases.

Researchers: LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes
2020-10-27 16:01

UPDATE. Link previews in popular chat apps on iOS and Android are a firehose of security and privacy issues, researchers have found. When a user sends a link through, it renders a short summary and a preview image in-line in the chat, so other users don't have to click the link to see what it points to.

Microsoft Fixes RCE Flaws in Out-of-Band Windows Update
2020-10-16 20:47

One flaw exists in Microsoft's Visual Studio Code is a free source-code editor made by Microsoft for Windows, Linux and macOS. The other is in the Microsoft Windows Codecs Library; the codecs module provides stream and file interfaces for transcoding data in Windows programs. According to Microsoft, one "Important" severity flaw stems from the way that Microsoft Windows Codecs Library handles objects in memory.