PHP team fixes nasty site-owning remote execution bug
The PHP development team has fixed a bug that could allow remote code execution in some setups of the programming language. Get the details:
A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets has confirmed. Learn more:
A Linux Sudo bug which allows users to run some restricted commands as root without permission has been discovered. Learn more about this security vulnerability in an informative Techworm article:
Are you aware that hackers are bypassing some types of 2FA security? Get the details:
Are you a Joomla user? Details were published online last week about a vulnerability in older versions of the Joomla content management system (CMS), a popular web-based application for building and managing websites. Learn more in a great ZDNet article:
Remember the critical remote code execution (RCE) vulnerability in the Exim email server, CVE-2019-15846, from mid-September? Barely two weeks later, the software’s maintainers have issued an advisory for another potentially troublesome bug, identified as CVE-2019-16928, which has been given the same critical rating. Learn more in a great NakedSecurity article:
Are you an Exim user? A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Learn more about the vulnerability in a great The Hacker News article:
The results of the 2019 Defcon Voting Village are in—and they paint an ugly picture for voting machine security. Learn more in an interesting Wired article:
If you’re a WordPress admin using a plug-in called Rich Reviews, you’ll want to uninstall it. Now. Learn more:
Are you a phpMyAdmin user? A researcher has just published a zero-day security bug in one of the web’s most popular database administration software packages. Learn more:
Have you heard that a critical privilege escalation vulnerability has been found in the Harbor open-source registry software? Learn more:
Are you a phpMyAdmin user? A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. Learn more:
Are you a Chromebook user? Google has discovered a serious flaw in a Chromebook security feature which allows owners to press their device’s power button to initiate U2F two-factor authentication (2FA). Learn more:
Are you a Chromebook user? If so, make sure you have updated to Chrome OS 75 or later to receive a fix for a vulnerability in a "built-in security key" feature. Learn more:
A ‘critical’ security vulnerability has been discovered in the Exim mail server that requires admins’ urgent attention. Learn more about the flaw and how to protect your servers:
Are you an Exim user? Have you heard that Exim has been impacted by its second major bug this summer? Learn more:
A security flaw in Google Chrome allows an attacker to eventually take control of a vulnerable host, and Google recommends that users deploy a patch as soon as possible. All versions of the browser are affected, including Google Chrome for Linux. Learn more:
Are you a Google Chrome user? If so, have you heard about the system-controlling Chrome bug in Blink? Get the details:
Have you heard that the Red Hat Enterprise Linux 6 and CentOS 6 GNU/Linux operating systems have received an important Linux kernel security update that addresses several critical vulnerabilities and fixes various bugs? Learn more about this update:
Neglecting basic security practices exposes companies to long-standing security threats. Learn what you can do to mitigate the risk that security vulnerabilities pose to your business: