A zero-day remote code execution vulnerability in vBulletin, an extremely popular internet forum software used on more than 100,000 websites, was discovered and exposed this week.
On top of the RDP vulnerability, there are additional Microsoft Windows zero-days that can be exploited against enterprises and give attackers full system control. The RDP vulnerability had the potential to be used in a WannaCry-like worm.
This week, the libssh project announced a serious bug in versions of their library released in the last few years.
A critical vulnerability identified by the National Vulnerability Database as CVE-2015-3456, or VENOM, was published yesterday. It affects all KVM guests running on QEMU, a widely used emulator for virtual server hosting. This command and control vulnerability may allow a malicious user to escape guest environments and take full control of the host operating system. Like Heartbleed and Shellshock last year, this is a significant risk for organizations that could lead to the exfiltration of sensitive and proprietary data. Unchecked, this can impact thousands of organizations and millions of end users that rely on affected virtual machines for the distribution of shared computing resources.