Category: Security Updates


WannaCry, the largest ransomware-spread campaign to date!

If you think that updating operating systems is not necessary, think again! Within the scope of the largest ransomware-spread campaign to date, more than 223.000 computers across 99 countries worldwide (including United States, Russia, India, Germany, Africa, Philippines, China …) have been infected. Here is the story behind the WannaCry ransomware and protection methods… On May 12th, National Cryptological Center of Spain...

887 total views, 2 views today


Multiple vulnerabilities found in Asus RT routers, update needed

Changing default credentials is one of the most important security precautions. And the latest Asus wireless router vulnerability is just another example that shows why you need to change it. Security experts from ‘Nightwatch Cybersecurity’ have discovered multiple vulnerabilities in 40 different Asus RT router models. According to experts, recent vulnerabilities allows malicious sites to login and change the router settings, exfiltrate router...

695 total views, no views today


New OpenBSD vulnerability allows man-in-the-middle (MitM) attack

OpenBSD is a free and open source Unix-like computer operating system based upon Berkeley Software Distribution (BSD, a Unix operating system derivative) and it is one of the most secure operating systems available. But, like all other operating systems, it is also vulnerable to attacks and needs patching. Network and wireless security researcher Mathy Vanhoef has discovered a new vulnerability in OpenBSD’s...

1,088 total views, 2 views today


A new denial-of-service (DoS) vulnerability was discovered in BIND DNS, updates available

A serious vulnerability was discovered in multiple versions of BIND DNS software that allows a remote attacker to conduct denial-of-service (DoS) attack. BIND is the most widely used Domain Name System (DNS) on the internet that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users. On Unix-like operating systems it...

1,057 total views, 2 views today


F5 BIG-IP ASM Web Application Firewall vulnerability allows remote attackers to launch DoS attack

A ‘high severity’ vulnerability was discovered in ‘F5 Networks BIG-IP Application Security Manager (ASM)’ web application firewall that allows a remote attacker to conduct denial-of service (DoS) attack. BIG-IP ASM is one of the popular enterprise web application firewalls (WAF). According to F5 Networks, it is deployed in more data centers than any enterprise WAF.  It is available as an appliance, virtual...

1,061 total views, no views today


Apple released security updates to patch critical iOS, macOS, watchOS and tvOS vulnerabilities.

If you own Mac, iPhone (5 and later), iPad (4th generation and later), iPod touch (6th generation and later), Apple TV (4th generation) or Apple watch, you need to install the latest Apple security updates. Company has released security updates for it’s operating systems including iOS, macOS, OS X, tvOS and watchOS to patch critical vulnerabilities. Some of these vulnerabilities allows an attacker...

947 total views, no views today


Juniper released software updates to fix vulnerabilities in Junos CLI, Junos Space, CTPView, vMX and Junos J-Web interface.

Juniper released software updates to fix some critical vulnerabilities in Junos OS Command Line Interface, Junos Space, CTPView, Virtual MX series (vMX) router software and Junos OS J-Web interface. Junos Space Network Management Platform vulnerabilities Junos Space Network Management Platform contains critical vulnerabilities and any Juniper products/platforms running Junos Space prior to version 15.2R2 need to be updated as soon as possible. According...

1,194 total views, no views today


Ongoing DoS attacks against BIND DNS software reported, update needed!

BIND is the most widely used ‘Domain Name System’ (DNS) software on the Internet, which originally designed for BSD operating systems. And it is a de facto standard on Unix-based systems. On September 27, Internet Systems Consortium (ISC) released a security advisory to highlight a critical vulnerability that allows remote attackers to cause a denial-of-service (DoS) via a crafted query. It is one...

1,177 total views, no views today


‘U by BB&T’ iOS banking application fails to properly verify SSL certificates

‘Improper certificate validation’ is simply a vulnerability in which a software fails to properly validate certificates provided by HTTPS connections. This vulnerability allows a man-in-the-middle attacker to spoof servers and obtain sensitive information (such as login credentials) via a crafted certificate. If you are using ‘U by BB&T’ application, the mobile banking application of ‘BB&T-Branch Banking and Trust’ (one of the largest financial...

1,302 total views, no views today


Multiple DoS vulnerabilities found in OpenSSL, update needed

If you are using OpenSSL to secure your web servers, then you may have a security issue again. Because multiple vulnerabilities found [1,2]  in popular open-source cryptography library that may lead to crashing of target server remotely. And as a system administrator, you need to know that your servers using OpenSSL may remain vulnerable until you patch them. OpenSSL, which contains an...

1,628 total views, no views today


Netgear D6000 and D3600 routers contain hard-coded cryptographic keys and are vulnerable to authentication bypass

If you have Netgear D6000 or D3600 router devices with and prior firmware versions installed in your network environment, you should update your device to firmware version which released by Netgear on Friday to patch two critical vulnerabilities. Successful exploitation of vulnerabilities by remote unauthenticated attacker may allow gaining administrator access to affected device, performing man-in-the-middle attack on victims network or...

2,683 total views, no views today


Critical XSS vulnerability found in popular WordPress forum plugin bbPress, update available

Imagine for a second that WordPress is a castle which you have to protect from attacks. At this point, every plugin you installed becomes a gate to your castle and you need to ensure the safety of these gates. A recently found vulnerability in popular WordPress forum plugin bbPress is an example of this situation which may affected some 300.000 websites, including support forum....

1,954 total views, no views today


Open redirect vulnerability in Cisco WebEx Meetings Server allows phishing attacks, update needed

Cisco WebEx Meetings Server is a virtualized conferencing solution which combines audio, video and web conferencing in a single solution. Cisco has released a security advisory describing an open redirect vulnerability in the Cisco WebEx Meetings Server (CWMS) web interface that allows an unauthenticated, remote attacker to redirect a user to a malicious web page and conduct phishing attacks. Improper input validation of the...

1,223 total views, no views today


Critical vulnerabilities allow remote disclosure of information in HP Data Protector, update needed

Sometimes companies use the same password or certificate private key in their software developments which usually makes the software (or the platform it runs on) vulnerable to critical attacks like man-in-the-middle (MITM). A recent vulnerability discovered in HP’s popular automated server backup and recovery software is the latest example of this situation. Hp Data Protector is automated backup & recovery software for single-server...

2,040 total views, no views today


Cisco fixed a critical vulnerability in UCS central software

Cisco Unified Computing System (UCS) is a data center server platform that consist of hardware, virtualization support, switching fabric and management software. And Cisco UCS Central software is a software for managing multiple Cisco UCS instances or domains and supports up to 10.000 Cisco UCS servers. Cisco has recently fixed a critical vulnerability in web framework of Cisco UCS Central Software which...

1,391 total views, no views today


11.5 million HTTPS servers are vulnerable to highly critical DROWN Attack

Security researchers have discovered a highly critical vulnerability which allows attackers to break the encryption on SSLv2 allowed servers such as websites or mail servers and steal sensitive information including passwords, credit card numbers, e-mails and instant messages. The critical vulnerability which affects HTTPS protocol and other services that rely on SSL and TLS, dubbed as “DROWN” (Decrypting RSA with Obsolete and Weakened eNcryption)...

2,414 total views, no views today


Patch your Cisco Firewall: Critical ASA vulnerability may allow attackers to obtain full control of the affected system

If you have one of the Cisco ASA firewall devices listed at the end of this page and you configured your firewall device to terminate IKEv1 or IKEv2 VPN connections such as LAN-to-LAN IPsec VPN, Remote access VPN using the IPsec VPN client, Layer 2 Tunneling Protocol (L2TP)-over-IPsec VPN connections or IKEv2 AnyConnect, it means that  your device is most likely...

1,385 total views, no views today


Critical OpenSSL flaw allows attackers to decrypt secure HTTPS traffic

OpenSSL is the widely used open-source library that provides cryptographic functionality (implementation of SSL, TLS) to applications. It is used in applications that need secure connections such as secure web servers. The OpenSSL project team has released an update to patch a critical vulnerability that allows an attacker to obtain the private encryption key and decrypt the secure traffic (HTTPS). A...

1,190 total views, no views today


Multiple vulnerabilities in ASUS RT-G32 router allows arbitrary code injection.

Affected products / software : ASUS RT-G32 routers with firmware and . Vulnerability overview : Cross-site scripting and cross-site request forgery vulnerabilities in the ASUS RT-G32 routers with firmware and allows remote attackers to inject arbitrary web script or HTML and change device settings including admin password. Solution / patch info / workaround : Firmware update available on...

2,097 total views, no views today


Critical vulnerability in vBulletin SEO extension allows remote command execution

vBSEO is a useful and widely used Search Engine Optimization (SEO) extension for the popular internet forum software package vBulletin. A critical ‘unauthenticated script injection’ vulnerability has been found in vBSEO which may lead to a full remote command execution on affected systems. An attacker can exploit the vulnerability to inject malicious code or to take down affected websites. The full command execution...

3,817 total views, 3 views today