Some of Asus' popular mid-range and high-end routers have been found to be vulnerable to remote code execution and code injection attacks. Check the full list of routers and the firmware patches here.
Rce RSS
Microsoft released Windows security updates for Windows 11 as well as 10 this week via Patch Tuesday. It also rolled out security fixes for Office 2013/2016 that resolve RCE and Spoofing flaws.
A Redis server malware, that has been built on Rust, is infecting servers based on both Windows as well as Linux. Dubbed the "P2PInfect", this worm is able to exploit the Lua vulnerability.
An AMD fTPM side channel security flaw dubbed "faulTPM" has been discovered by researchers. This security bug can even bypass BitLocker and it affects modern Windows 11-supported Ryzen chips.
Microsoft has issued an advisory about two 0-day vulnerabilities affecting on-premises installations of Exchange Server. Unfortunately, no fix is available yet but there are a couple of mitigations.
QNAP has issued a patch of a security vulnerability that could affect certain configurations of its NAS Drives. The flaw resides in PHP that deals with FPM. It can allow remote code execution.
_medium.jpg)
Microsoft's latest Patch Tuesday updates - released yesterday - fix a lot of recently publicized security issues like Follina, however, DogWalk remains unpatched as Microsoft continues to downplay it.
Some IT admins may be in for a scare this weekend as Atlassian has warned of a critical RCE flaw affecting all Confluence Server and Data Center versions. Internet access should be restricted ASAP.
Microsoft has issued a warning about a remote code execution flaw in its Microsoft Support Diagnostic Tool (MSDT). Virtually all supported versions of Windows and Windows Server are affected.
Nearly all Android smartphones and devices packing MediaTek or Qualcomm with a Security Patch dated prior to December 2021 remain vulnerable to an RCE security bug that can allow eavesdropping.
_medium.jpg)
Google has issued a warning about a sophisticated exploit kit being used to target news media, IT, crypto, and fintech personnel. The attackers were reportedly state-sponsored North Korean groups.
Intel and ARM are vulnerable to the Spectre-BHB flaw, but AMD is apparently troubled by Spectre v2, which it should have fixed back in 2018. AMD has now issued a new fix for the CVE-2017-5715 bug.
Zerodium has increased the prize bounty for zero-click remote code executions (RCEs) on Microsoft Outlook up to $400,000. However, the firm has noted that the rise may only be temporary.
HP has issued a list of its printers that are vulnerable to a new "Critical" buffer overflow bug that can lead to exploitation. Fortunately, patched firmware for these models has also been released.
Microsoft highlighted a collection of BadAlloc vulnerabilities earlier this year. Federal U.S. cybersecurity agency CISA has now issued an advisory as the problem affects tons of BlackBerry products.
Microsoft has issued an advisory about a cyberattack from a Chinese group targeting SolarWinds' products. A hotfix has been released but organizations are still advised to review guidance.
Despite claims to the contrary, Microsoft says that its PrintNightmare patch works as intended. It states that security researchers who are calling it ineffective are using insecure configurations.
Microsoft has offered some further mitigations against the highly dangerous PrintNightmare exploit. The company has also given it a CVSS rating of 8.8/10, which almost awards it "critical" severity.
An exploit called "PrintNightmare" is being investigated by Microsoft. It potentially affects all versions of Windows. U.S. CISA has marked it as "critical" as it can lead to remote code execution.
A critical zero-day vulnerability has been discovered in Adobe Flash Player, which allows Remote Code Execution using a Microsoft Excel document, potentially making you lose control of your system.
Tit for tat? Google has revealed multiple Windows exploits over the years & has even criticized Microsoft for being slow to patch it. Now, Microsoft is returning the favor by finding a bug in Chrome.
Microsoft has detailed the several layers of security in its Edge browser that reduce the chances of malicious exploits by attackers, stating that it will continue to strengthen the Edge sandbox.
As Windows 10 approaches end of life, Microsoft targets more users with full-screen ads
Windows 11 build 27754 is out with modernized Windows Hello, new taskbar features, more
Windows 11 audio bug blasts users with 100% volume, Microsoft confirms
Microsoft's free Bing Wallpaper app for Windows is borderline malware
Recommended by 
We're on Mastodon!
We're on Mastodon!