Microsoft Released September 2018 Patches to Fix 64 Security VulnerabilitiesThreat Alert

Overview   On Tuesday, Microsoft released September 2018 security updates to fix 64 vulnerabilities, ranging from spoofing attacks to remote code execution vulnerabilities. Affected products include .NET Core, Active Directory, Adobe Flash Player, Azure, BitLocker, Internet Explorer, Microsoft Drivers, Microsoft Dynamics, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JScript, […]

Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031)Threat Alert

Vulnerability Overview Recently, Apache Software Foundation (ASF) has released a security advisory to strongly advise users of Apache Struts2.3.X to upgrade the Apache Commons FileUpload component. Struts 2.3.x, by default, uses the Commons FileUpload component of V1.3.2. Early in 2016, this component of V1.3.2 is disclosed to contain a deserialization […]

VMware Virtual Machine Escape Vulnerabilities (CVE-2018-6981 and CVE-2018-6982) Threat Alert

Overview Recently, VMware has released a security advisory to document the remediation of two critical vulnerabilities (CVE-2018-6981 and CVE-2018-6982) in VMware ESXi, Workstation, and Fusion. The two vulnerabilities were disclosed by a Chinese cybersecurity firm Chaitin Tech at the international hacking contest GeekPwn2018.

Cisco Stealthwatch Management Console and Unity Express Critical Vulnerabilities Threat Alert

Overview On November 7, 2018, local time, Cisco released a security advisory to announce the remediation of two critical vulnerabilities in the Stealthwatch Management Console (SMC) and the Utility Express respectively.

AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert

Overview Recently, AVEVA released a security bulletin to announce the remediation of two critical vulnerabilities in industrial software. CVE-2018-17916 is a stack overflow vulnerability that can be triggered by sending a crafted packet, leading to remote code execution by an unauthorized user. CVE-2018-17914 stems from an empty password in the […]

Cisco ASA Security Product Denial-of-Service Vulnerability (CVE-2018-15454) Threat Alert

Vulnerability Overview Recently, Cisco officially released a security advisory to fix the denial-of-service (DoS) vulnerability (CVE-2018-15454) in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability exists in the Session Initiation Protocol (SIP) inspection engine used by Cisco ASA and FTD. An unauthorized attacker could exploit this […]

Apache mod_jk Access Control Bypass Vulnerability (CVE-2018-11759) Threat Alert

Vulnerability Overview Recently, Apache Software Foundation (ASF) released a security advisory to announce the fix for an access control bypass vulnerability (CVE-2018-11759) in the mod_jk module in Apache Tomcat. Currently, the proof of concept (PoC) has been announced for this vulnerability. Users of this software should take precautions to fix […]