A critical vulnerability in Internet Explorer, with the identifier CVE-2020-0674 has been published by Microsoft. It allows attackers to remotely execute code using the JScript.dll library. A security patch is currently being created. On the first patch Tuesday of 2020, Microsoft released 49 updates; shortly afterwards, the vendor reported a new zero-day sec

Microsoft announced on Friday that it’s in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks, reportedly by a threat group tracked as DarkHotel. Until a fix becomes available, the company has shared some workarounds and mitigations.The flaw, tracked as CVE-2020-0674 and described a

Citrix has started rolling out security patches for the recently revealed Citrix Application Delivery Controller (ADC) and Citrix Gateway vulnerability.Disclosed in December 2019 and tracked as CVE-2019-19781, the vulnerability could be exploited to achieve code execution. The issue impacts versions 13.0, 12.1, 12.0, 11.1, and 10.5 of both Citrix ADC and Gat

One of the vulnerabilities patched this week by Microsoft in its Windows operating system is a crypto-related issue that was reported to the company by the U.S. National Security Agency.The vulnerability, tracked as CVE-2020-0601 and dubbed ChainOfFools and CurveBall, affects Windows 10, Server 2016 and Server 2019, as well as applications that rely on Windo

A threat group targeting the recently disclosed critical vulnerability in Citrix Application Delivery Controller (ADC) is installing their own backdoor while cleaning up other malware infections and blocking others from exploiting the vulnerability, FireEye has discovered.Tracked as CVE-2019-19781, the vulnerability impacts Citrix ADC and Gateway products (p

Following another official vulnerability alert issued in the past 48 hours, which has been known since December, companies still protected from this new attack are continuously receiving new requests for help. CISA considers the vulnerability to be one of the most dangerous exploits of recent years. Potentially, some 80,000 companies worldwide are at risk. T

On Tuesday, the NSA announced they had found a critical vulnerability in the certificate validation functionality on Windows 10 and Windows Server 2016/2019. This bug allows attackers to break the validation of trust in a wide variety of contexts, such as HTTPS and code signing. If you want to stop reading here, get the important details, and see if you̵

Several proof-of-concept (PoC) exploits have already been created — and some of them have been made public — for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched recently after being notified by the U.S. National Security Agency.The vulnerability, named by some ChainOfFools and CurveBall, was patched by Microsoft this week with

Yesterday, January 14, Microsoft launched a patch for a critical security vulnerability in Windows 10, and Windows Server 2016 and 2019, among others. The vulnerability, categorized as CVE-2020-0601, which was discovered by the NSA, affects a component known as CryptoAPI (Crypt32.dll). Among the features of the CryptoAPI component is its use in digital signa

Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious exe

Google Project Zero security researchers have published technical details on an iMessage vulnerability addressed last year, which could be exploited remotely to achieve arbitrary code execution. Tracked as CVE-2019-8641, the vulnerability is considered Critical, featuring a CVSS score of 9.8, and was discovered by Google Project Zero security researcher

The U.S. National Security Agency (NSA) has informed Microsoft that Windows is affected by a potentially serious spoofing vulnerability that could allow hackers to make a malicious file appear to come from a trusted source or conduct man-in-the-middle (MitM) attacks.The NSA reached out to reporters to inform them about the vulnerability before Microsoft rele

byPaul DucklinDo you know what you were doing 3736 days ago?We do! (To be clear, lest that sound creepy, we know what we were doing, not what you were doing.)Admittedly, we didn’t remember all on our own – we needed the inexorable memory of the internet to help us recall what happened on 22 October 2009.That was the official release date of Windo

Exploits targeting the recent Citrix Application Delivery Controller (ADC) vulnerability have already been published online, yet security patches will not be available for at least another week.Impacting both Citrix ADC and Citrix Gateway (previously known as NetScaler ADC and NetScaler Gateway), the vulnerability is tracked as CVE-2019-19781 and could lead

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations that malicious hackers continue to exploit a widely known Pulse Secure VPN vulnerability.A researcher revealed recently that cybercriminals had started exploiting CVE-2019-11510, a critical vulnerability affecting enterprise VPN product