Zoom Zero-Day Windows Vulnerability Selling for $500,000

A couple of zero-day Zoom vulnerabilities are reportedly for sale online, including one for Windows and one for macOS, with the asking price for the Windows one topping $500,000, according to a ...
Untitled Goose Game security hole could have allowed hackers to wreak havoc

Is nothing sacred? The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer. “Untitled Goose Game”, ...

Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

For our October Nexus Intelligence Insight we will return to a very popular component that has been both a blessing and a curse to developers around the world. We’ll cover a fundamental ...

Protect Against BlueKeep and the Next Wormable Vulnerability

In May, Microsoft released fixes for BlueKeep, a critical remote code execution vulnerability in Remote Desktop Services that affected older versions of Windows. Even though Windows 8 and 10 are not vulnerable, ...
Security Boulevard

Is BlueKeep a Perfect Storm for Health Care?

On May 14, Microsoft published an advisory for a newly discovered remote code execution vulnerability. Given the identifier CVE-2019-0708, the vulnerability has been more popularly named “BlueKeep.” According to the advisory, BlueKeep ...
Security Boulevard

Stored XSS in MyBB

The open source PHP forum software MyBB recently published a new update, version 1.8.21. This is a security release fixing a Stored XSS vulnerability in the private messaging and post modules. What ...
WordPress XSS Vulnerability Can Result in Remote Code Execution (RCE)

On March 13, 2019, RIPS Technologies, a company specializing in static code analysis software, released details of a Cross-site Scripting (XSS) vulnerability they found in all versions of WordPress up to 5.1.1 ...
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers ...

Adobe Patches Actively Exploited ColdFusion Zero-Day Flaw

Adobe Systems released an emergency update for the ColdFusion application server to fix a critical remote code execution that’s already being exploited by attackers. The vulnerability, tracked as CVE-2019-7816, is located in ...
Security Boulevard