Citrix ADC and Gateway Remote Code Execution Vulnerability (CVE-2019-19781)
Citrix released a security advisory (CVE-2019-19781) for a remote code execution vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway products. The vulnerability allows an unauthenticated remote attacker to execute arbitrary code on the system. Once exploited, remote attackers could obtain access to private network resources without requiring authentication ...
OpenBSD Local Privilege Escalation Vulnerability (CVE-2019-19726)
Qualys Research Labs discovered a local privilege escalation vulnerability in OpenBSD’s dynamic loader. The vulnerability could allow local users or malicious software to gain full root privileges. OpenBSD developers have confirmed the vulnerability and released security patches in less than 3 hours. Qualys Research Labs also provided proof-of-concept exploits in ...
OpenBSD Multiple Authentication Vulnerabilities
Multiple authentication vulnerabilities in OpenBSD have been disclosed by Qualys Research Labs. The vulnerabilities are assigned the following CVEs: CVE-2019-19522, CVE-2019-19521, CVE-2019-19520, CVE-2019-19519. OpenBSD developers have confirmed the vulnerabilities and also provided a quick response with patches published in less than 40 hours. Vulnerability Details: CVE-2019-19521 – An authentication-bypass vulnerability in ...
BlueKeep Attacks Observed Months after Initial Release
The BlueKeep vulnerability, initially released in May 2019, is currently being exploited in the wild. Cybersecurity researchers have spotted initial attacks exploiting the BlueKeep RDP vulnerability. Here’s a reminder about BlueKeep and instructions for using Qualys to identify attacks and remediate this vulnerability. About BlueKeep Attacks: BlueKeep allows an unauthenticated attacker ...
Microsoft Released Out-of-Band Security Updates
Microsoft released an out-of-band update yesterday that fixes two critical vulnerabilities: the Internet Explorer remote code execution vulnerability (CVE-2019-1367) and the Microsoft Defender denial of service vulnerability (CVE-2019-1255). According to the Microsoft advisory CVE-2019-1367, the Internet Explorer scripting engine vulnerability has been exploited in active attacks in the wild. Users ...
Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability – (CVE-2019-12643)
Cisco published an update for the Cisco IOS XE operating system to patch a critical vulnerability that could allow a remote attacker to bypass authentication on devices running an outdated version of the Cisco REST API virtual service container. The security issue is tracked as CVE-2019-12643 and has received a maximum severity ...
Windows Remote Desktop Vulnerabilities (Seven Monkeys) – How to Detect and Patch
In the August 2019 Patch Tuesday release, Microsoft disclosed 7 RDP vulnerabilities, of which 4 are labeled as critical and 3 as important. All the critical vulnerabilities exist in Remote Desktop Services – formerly known as Terminal Services – and do not require authentication or user interaction. To exploit ...
December 2018 Patch Tuesday – 39 Vulns, Workstation Patches, Adobe Vulns
This month’s Patch Tuesday addresses 39 vulnerabilities, with 9 of them labeled as Critical. Out of the Criticals, 6 are for the Chakra Scripting Engine used by Microsoft Edge. A Privilege Escalation vulnerability exists in the Windows kernel, which has been exploited in the wild. Adobe also patched 9 Critical and Important ...
October 2018 Patch Tuesday – 49 Vulns, Critical browser patches, Hyper-V, Adobe vulns
In this month’s Patch Tuesday release there are 49 vulnerabilities patched, with 12 Criticals. Out of the Criticals, over half are browser-related, with the rest including Hyper-V and MSXML Parser. Microsoft Exchange covers CVE-2010-3190, which was not identified as an in-scope product when originally published, per Microsoft. Microsoft Office covers 9 ...

