Security News

WordPress Patches 3-Year-Old High-Severity RCE Bug
2020-10-30 20:56

The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack. Of the ten security bugs patched by WordPress a standout flaw, rated high-severity, could be exploited to allow an unauthenticated attacker to execute remote code on systems hosting the vulnerable website.

Oracle WebLogic Server RCE Flaw Under Active Attack
2020-10-29 14:49

The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn. If an organization hasn't updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: "Assume it has been compromised."

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)
2020-10-29 11:29

A critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle WebLogic is a Java EE application server that is part of Oracle's Fusion Middleware portfolio and supports a variety of popular databases.

Researchers: LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes
2020-10-27 16:01

UPDATE. Link previews in popular chat apps on iOS and Android are a firehose of security and privacy issues, researchers have found. When a user sends a link through, it renders a short summary and a preview image in-line in the chat, so other users don't have to click the link to see what it points to.

Microsoft Fixes RCE Flaws in Out-of-Band Windows Update
2020-10-16 20:47

One flaw exists in Microsoft's Visual Studio Code is a free source-code editor made by Microsoft for Windows, Linux and macOS. The other is in the Microsoft Windows Codecs Library; the codecs module provides stream and file interfaces for transcoding data in Windows programs. According to Microsoft, one "Important" severity flaw stems from the way that Microsoft Windows Codecs Library handles objects in memory.

Microsoft issues out-of-band Windows security updates for RCE bugs
2020-10-16 15:22

Microsoft has released two out-of-band security updates designed to address remote code execution bugs found to affect the Microsoft Windows Codecs Library and Visual Studio Code. Microsoft patched two similar RCE bugs in June, leading to user confusion because of the ways the security updates were being delivered - via the Microsoft Store instead of the normal Windows Update channel.

UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug
2020-10-16 14:42

NCSC, the cybersecurity arm of the UK's GCHQ intelligence service, urges organizations to make sure that all Microsoft SharePoint products in their environments are patched against CVE-2020-16952 to block takeover attempts. The server-side include vulnerability was reported by information security specialist Steven Seeley of Qihoo 360 Vulcan Team who found that it affects Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, and Microsoft SharePoint Server 2019.

Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE
2020-10-14 18:43

UPDATE. A critical security bug in the SonicWall VPN portal can be used to crash the device and prevent users from connecting to corporate resources. "The most notable aspect of this vulnerability is that the VPN portal can be exploited without knowing a username or password," Young told Threatpost.

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
2020-10-13 20:44

Microsoft has pushed out fixes for 87 security vulnerabilities in October - 11 of them critical - and one of those is potentially wormable. "Coming in at 53 of the 87 vulnerabilities, patching the OS knocks out 60 percent of the vulnerabilities listed, along with over half of the critical RCE vulnerabilities resolved today."

October 2020 Patch Tuesday: Microsoft fixes potentially wormable Windows TCP/IP RCE flaw
2020-10-13 19:32

Microsoft has plugged 87 security holes, including critical ones in the Windows TCP/IP stack and Microsoft Outlook and Microsoft 365 Apps for Enterprise. CVE-2020-16898 - A Windows TCP/IP vulnerability that could be remotely exploited by sending a specially crafted ICMPv6 router advertisement to an affected Windows server or client and could allow code execution.