Google has released Chrome version 86.0.4240.111 that also addresses the CVE-2020-15999 flaw which is an actively exploited zero-day. Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues, including a patch for an actively exploited zero-day vulnerability tracked as CVE-2020-15999. The CVE-2020-15999 flaw is a

A Chrome 86 update released by Google on Tuesday patches several high-severity vulnerabilities, including a zero-day that has been exploited in the wild.The actively exploited vulnerability is tracked as CVE-2020-15999 and it has been described as a heap buffer overflow bug affecting FreeType, a popular software library for rendering fonts.In addition to Chr

The NSA has published a list of the top 25 vulnerabilities currently being exploited by Chinese state-backed hackers to target US organizations.These attackers work as most cybercrime groups typically would: by identifying and gathering information on a target, identifying any vulnerabilities and then launching an exploitation operation using homegrown or re

Google has released Chrome 86.0.4240.111 today, October 20th, 2020, to the Stable desktop channel to address five security vulnerabilities, one of them an actively exploited zero-day bug."Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild," the Google Chrome 86.0.4240.111 announcement reads.This version

The US National Security Agency (NSA) has shared the list of top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild. The US National Security Agency (NSA) has published a report that includes details of the top 25 vulnerabilities that are currently being exploited by China-linked APT groups in attacks in the wild

Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.The US National Security Agency (NSA) today published a list of the top 25 publicly known vulnerabilities most often scanned for and targeted by state-sponsored attackers out of China.Related Content:Trickbot Tenacity Shows Infrastructure

Bug bounty programs have gained increased momentum and interest from the security research community for their role in promoting security awareness and responsible vulnerability disclosure. But they are not without their fair share of problems. Bug bounty platforms fill a genuine need. They help companies solicit vulnerability report

Microsoft has released the October 2020 Office security updates with a total of 24 security updates and 5 cumulative updates for 7 different products, fixing 13 vulnerabilities that could enable remote attackers to execute arbitrary code on vulnerable systems.The highlight of this month's Microsoft Office security updates is without a doubt CVE-2020-16947, a

Cisco Talos this week released the details of several remotely exploitable denial-of-service (DoS) vulnerabilities found by one of its researchers in an industrial automation product made by Rockwell Automation.The affected product is the Allen-Bradley 1794-AENT Flex I/O series B adapter, specifically the device’s Ethernet/IP request path port/data/logical s

byPaul DucklinEvery time that critical patches come out for any operating system, device or app that we think you might be using, you can predict in advance what we’re going to say.Patch early, patch often.After all, why risk letting the crooks sneak in front of you when you could take a resolute stride ahead of them?Well, this month, the Offensive Sec

The US government has warned of newly discovered APT attacks combining exploits of VPN products with those for the recently disclosed Zerologon bug.The joint alert from the FBI and Cybersecurity and Infrastructure Security Agency (CISA) revealed that government and non-government targets are being attacked in this campaign.It warned that access to federal an

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505, CHIMBORAZO and Evil Corp. Microsoft experts spotted the Zerologon attacks involving fake software updates, the

Microsoft reports a new campaign leveraging the critical Zerologon vulnerability just days after nation-state group Mercury was seen using the flaw.Microsoft has observed new threat activity exploiting the critical Zerologon vulnerability (CVE-2020-1472. The campaign poses as software updates that connect with known TA505 command-and-control infrastructure,

Microsoft reported this week that it has spotted Zerologon attacks apparently conducted by TA505, a notorious Russia-linked cybercrime group.According to Microsoft, the Zerologon attacks it has observed involve fake software updates that connect to command and control (C&C) infrastructure known to be associated with TA505, which the company tracks as CHI

Title: BACnet Test Server 1.01 Remote Denial of Service Exploit Advisory ID: ZSL-2020-5597 Type: Local/Remote Impact: DoS Risk: (3/5) Release Date: 06.10.2020Summary This is a simple BACnet Server aimed at developers who want to explore or test their BACnet Client impleme