Critical vulnerability that existed in Windows Server for 17 years has just been disclosed.

The SigRed vulnerability, which has the potential to lead to a disaster on the scale of the WannaCry or Petya viruses, was recently disclosed. The vulnerability is rated 10/10 in severity on the CVSS scale and was named by researchers at Check Point. SigRed allows remote code execution on Microsoft DNS Server, a critical component of an organization's IT infrastructure. From there, attackers can intercept and manipulate email, spread malware, and encrypt data for extortion within the organization.

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development company ThemeGrill.

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root

Joe Vennix of Apple security has found another significant vulnerability in the sudo utility that, under a specific configuration, could allow low-privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities, and it comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system.

Google Accidentally Shared Private Videos of Some Users With Others

Google might have mistakenly shared your private videos saved on the company's servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. The latest privacy mishap is the result of a "technical issue" in Google's Takeout, a service that backs up all your Google account data into a single file and then lets you download it straight away.

The Rise of the Open Bug Bounty Project

Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing multitude of hurdles they experience with the leading commercial bug bounty platforms, the latter are trying to reinvent themselves as "next-generation

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers

OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.

Install Latest Chrome Update to Patch 0-Day Bug Under Active Attack

Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked 'HIGH' in severity, including one (CVE-2020-6418) that has reportedly been exploited in the wild.

Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion

Though it's not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of an upcoming security update for Acrobat and Reader, but the company today unveiled bugs in a total of 6 widely-used software, including: