Tech vendor Zyxel addresses a critical vulnerability in several network-attached storage (NAS) devices that is already being exploited in the wild. Zyxel has released security patches to address a critical remote code execution vulnerability, tracked as CVE-2020-9054, that affects several NAS devices. The flaw can be exploited by an unauthenticated attack

Google has launched Google Play Security Reward, the bug bounty program that will pay $1,000 rewards for flaws in popular apps. Google has officially launched a bug bounty program for Android apps on Google Play Store, a measure that aims to improve the security of Android apps. The initiative, called Google Play Security Reward, will involve the security c

Several security vulnerabilities have been patched in recent weeks in Apache Tomcat, including the CVE-2017-12617 Code Execution vulnerability. Several security vulnerabilities have been patched in recent weeks in Apache Tomcat. The list of fixed flaws recently addressed also included code execution vulnerabilities. Apache Tomcat is the most widely used web

Cisco has released security updates for its IOS Operating System to fix more than a dozen critical and high severity vulnerabilities. Cisco has released updates for its IOS software to fix more than a dozen critical and high severity vulnerabilities that could be exploited by attackers to remotely take over company’s switches and routers. Giving a close loo

Magento released updates for Magento Commerce and Open Source 2.1.9 and 2.0.16 that fixed also a critical remote code execution vulnerability. Magento released updates for Magento Commerce and Open Source 2.1.9 and 2.0.16 that fixed numerous flaws, including a critical remote code execution vulnerability. The remote code execution flaw impacts content manag

Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities including Blueborne issue. Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities in almost any supported versions of Windows and other MS products. The batch includes secu

Security researchers at Positive Technologies have discovered an undocumented configuration setting that disables the Intel Management Engine. Security researchers at Positive Technologies have discovered an undocumented configuration setting that disables the CPU control mechanism Intel Management Engine 11. The Intel Management Engine consists of a microco

Experts found two critical zero-day flaws in the Foxit PDF Reader that could be exploited by attackers to execute arbitrary code on a targeted computer Security researchers have discovered two critical zero-day vulnerabilities in the popular Foxit Reader application that could be exploited by attackers to execute arbitrary code on a targeted computer, if no

The security researcher Vikas Anil Sharma exploited an unrestricted File Upload vulnerability in a PayPal Server to remotely execute code. The security researcher Vikas Anil Sharma has found a remote code execution vulnerability in a PayPal server. The expert was visiting the PayPal Bug Bounty page using the Burp software, below the response obtained opening

The seven-year-old remote code execution vulnerability SambaCry was exploited by the SHELLBIND IoT malware to target NAS devices. A new strain of malware dubbed SHELLBIND exploits the recently patched CVE-2017-7494 Samba vulnerability in attacks against Internet of Things devices. SHELLBIND has infected most network-attached storage (NAS) appliances, it exp

For the second time in a year, a highly critical remote code execution vulnerability was found in the Cisco WebEx Extension. For the second time in a year, a highly critical remote code execution vulnerability, tracked as CVE-2017-6753, was discovered in the Cisco Systems WebEx browser extension for Chrome and Firefox. The vulnerability could be exploited by

Adobe released new versions of Flash Player and Connect web conferencing software to fix important and critical vulnerabilities. According to the security advisory published by Adobe for Flash Player, the new version 26.0.0.137 patches three critical vulnerabilities, including a remote code execution flaw tracked as CVE-2017-3099 that can be exploited by att

OpenVPN fixed several vulnerabilities that could be exploited by remote attackers, the flaws were not detected in a recent audit. Recently two distinct audits were conducted to discover security issues in the OpenVPN, many flaws were found but some vulnerabilities were not spotted by the experts. Four of the vulnerabilities in OpenVPN 2.4.2, were found by th

Microsoft released the June 2017 Patch Tuesday to address more than 90 security flaws, including two critical RCE that have been exploited in attacks. Microsoft released June Patch Tuesday updates that address more than 90 vulnerabilities, including two critical remote code execution (RCE) vulnerabilities that have been exploited in attacks. The first vulner

Security experts from Kaspersky confirmed that threat actors in the wild are exploiting the SambaCry vulnerability CVE-2017-7494 to spread a miner. At the end of May, a seven-year-old remote code execution vulnerability affecting all versions of the Samba software since 3.5.0 was patched by the development team of the project. An attacker can exploit the CV