Advisory
Adobe monthly updates (Feb 2020)
Friday, 14 February 2020 12:00

Adobe has published its February monthly updates for security vulnerabilities that could affect specific versions of Adobe products. These include Critical vulnerabilities in Adobe Experience Manager, Adobe Digital Editions, Adobe Flash Player, Adobe Acrobat and Reader, Adobe FrameMaker and others. Users are advised to update as soon as possible.

 
Linux Security Update Overview (Feb 13, 2020)
Thursday, 13 February 2020 15:30

The following Linux distributions have released security updates to fix vulnerabilities:
Arch Linux: Security updates for thunderbird, systemd, dovecot and others.
Debian: Security updates for openjdk, firefox and others.
Mageia: Security updates for flash and others.
Amazon Linux: Security updates for python and others.
Amazon Linux 2: Security updates for thunderbird and others.

 
Hackers love holidays - Beware of hackers planting Valentine’s Day malware
Thursday, 13 February 2020 11:49

Security researchers at Check Point Technologies published a study revealing a startling spike in malicious activity on the internet during the month of February. According to Check Point, the number of malicious websites containing the word "Valentine" jumped over 200% compared to the previous months. Additional spikes were seen in malicious sites containing the word "chocolate." Hackers are a tricky bunch, and they're banking on people to search for Valentine's Day content and chocolate in February. The goal, as usual with malicious sites and phishing scams, is to trick a user into visiting nefarious pages and infecting their systems.
To protect yourself this February, firstly, avoid visiting places you aren't sure about. Secondly, stick to mainstream websites with heavy traffic that are unlikely to sport any kind of malicious code or advertisements. Additionally, be highly skeptical about "special offers", which are a classic bait-and-switch tactic used by cyber criminals.

 
IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service
Wednesday, 12 February 2020 12:06

IBM ServeRAID Manager version 9.30-17006 and prior exposes a Java RMI service that allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. IBM ServeRAID Manager includes an embedded instance of Java version 1.4.2. ServeRAID Manager uses a Java Remote Method Invocation (RMI) service on port 34571/tcp that listens on all interfaces by default. ServeRAID Manager runs with SYSTEM privileges on Microsoft Windows systems. An unauthenticated attacker with network access can exploit the vulnerable RMI interface to launch a remote class loader attack. This appears to be an instance of CVE-2011-3556.
Both ServeRAID Manager and Java 1.4.2 are no longer supported. It is advised to restrict access by configuring ServeRAID Manager to listen only on specific network interfaces (like localhost) or by using a host-based firewall to restrict network access to 34571/tcp.

 
Microsoft Security Updates (February 2020)
Wednesday, 12 February 2020 10:46

Microsoft's monthly patches are out. There are patches for 100 vulnerabilities in total, 12 of them rated Critical, with a highest CVSSv3 score of 8.8. Five of them have been previously disclosed, and the previously disclosed Scripting Engine vulnerability is actively being exploited. Several of the patched Critical vulnerabilities allow RCE. Users are advised to update as soon as possible.

 