Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Remote code execution vulnerabilities dominate this month’s security bulletin of warnings and patches.
Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution...
Cyberattack on UVM Health Network Impedes Chemotherapy Appointments
The cyberattack has halted chemotherapy, mammogram and screening appointments, and led to 300 staff being furloughed or reassigned.
The University of Vermont (UVM) health network is scrambling to recover...
Trump Site Alleging AZ Election Fraud Exposes Voter Data
Slapdash setup of Trump website collecting reports of Maricopa County in-person vote irregularities exposed 163,000 voter data records to fraud, via SQL injection.
A security flaw on a website set...
Gitpaste-12 Worm Targets Linux Servers, IoT Devices
The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors.
Researchers have uncovered a new worm targeting Linux-based x86 servers,...
WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug
The shopping cart application contains a PHP object-injection bug.
A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being...
Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
Cisco also disclosed high-severity vulnerabilities in its Webex and SD-WAN products.
Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows,...
VMware Issues Updated Fix For Critical ESXi Flaw
A previous fix for the critical remote code execution bug was “incomplete,” according to VMware.
VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi...
GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers
Cannabis journaling platform GrowDiaries exposed more than 3.4 million user records online, many from countries where pot is illegal.
A database linked to GrowDiaries, an online community of cannabis growers, has exposed...
Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter...
Vendor: Oracle
Vendor URL: https://www.oracle.com/
Versions affected: 8.0.0.0-8.4.0.5
Systems Affected: Oracle Communications Diameter Signaling Router
CVE Identifier: CVE-2020-14787 (XSS), CVE-2020-14788 (SQL Injection)
Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html
Risk: Medium – 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) (SQL injection)
Risk: Medium - 5.4...
WordPress Patches 3-Year-Old High-Severity RCE Bug
In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software.
WordPress released a 5.5.2 update to its ubiquitous web...