Microsoft Released Out-of-Band Advisory – Windows Adobe Type Manager Library Remote Code Execution Vulnerability (ADV200006)

Microsoft Released Out-of-Band Advisory – Windows Adobe Type Manager Library Remote Code Execution Vulnerability (ADV200006)

Today, Microsoft released an out-of-band security advisory ADV200006 to address two critical remote code execution vulnerabilities in Adobe Type Manager Library. Microsoft is also aware of limited, targeted attacks that attempt to ...

Bryson Koehler, Equifax CTO, Discusses the Road Ahead in Data Security Infrastructure

Byson Koehler, the Equifax CTO and CISO, delivered the keynote at DevSecOps Days during the 2020 RSAC. Equifax contributed to multiple sessions and panels during the conference. The message was consistent: "Yes, ...
compromised

Report: 97% of Firms Compromised Right Now. Really?

New research is full of alarming statistics about how cyber-compromised most companies are. We rip the report to shreds ...
Security Boulevard

Work-from-Home Security Advice

SANS has made freely available its "Work-from-Home Awareness Kit." When I think about how COVID-19's security measures are affecting organizational networks, I see several interrelated problems: One, employees are working from their ...

Nexus Intelligence Insights: CVE-2019-3773 Spring Web Services XML External Entity Injection (XXE)

Spring, a widely used component, makes programming multiple things in Java easier, faster, and safer. The project’s focus on speed, simplicity, and productivity has made it one of the world's most popular ...
Automatically Discover, Prioritize and Remediate Microsoft SMBv3 RCE Vulnerability (CVE-2020-0796) using Qualys VMDR

Automatically Discover, Prioritize and Remediate Microsoft SMBv3 RCE Vulnerability (CVE-2020-0796) using Qualys VMDR

This month’s Patch Tuesday, Microsoft disclosed a a critical “wormable” remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) protocol. The exploitation of this vulnerability opens systems up to ...
Windows 10 Suffers Yet Another Wormable Zero-Day

Windows 10 Suffers Yet Another Wormable Zero-Day

Here we go again: An SMB vulnerability lets hackers access your Windows clients and servers. And there’s no patch (yet) ...
Security Boulevard
Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)

Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)

This Patch Tuesday, Microsoft disclosed a remote code execution vulnerability in SMB 3.1.1 (v3) protocol. Even though initial release of the Patch Tuesday did not mention this vulnerability, details of the issue ...

March 2020 Patch Tuesday – 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches

This month’s Microsoft Patch Tuesday addresses 115 vulnerabilities with 26 of them labeled as Critical. Of the 26 Critical vulns, 17 are for browser and scripting engines, 4 are for Media Foundation, ...
AMD

New AMD Processor Bug Breaks Encryption

AMD CPUs have yet another flaw: Researchers say they can steal private AES keys, leak kernel memory, set up covert cloud channels, and do other dirty, dark deeds ...
Security Boulevard