CVE-2019-0708 Technical Analysis (RDP-RCE)

cyber

CVE-2019-0708 Technical Analysis (RDP-RCE) Microsoft patch Tuesday this May (2019) comes with patch for critical RDP RCE Vulnerability, CVE-2019-0708 Remote Code Execution Vulnerability exists in Remote Desktop Services (RDP) pre-authentication and requires no user interaction Microsoft described it as “Wormable” so we could see new Wannacry hit the world ! […]

Unpatched Ethereum Clients expose the ecosystem to 51% Attack risk

cyber

Security researchers from SRLabs have published a report that analyzed the risks for Ethereum network caused by unpatched Ethereum clients. Researchers at SRLabs published a report based on ethernodes.org data, that revealed that a large number of nodes using the popular clients Parity and Geth is still unpatched. The expert discovered […]

Linux kernel privilege escalation flaw CVE-2019-11815 affects RDS

cyber

Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP. The vulnerability tracked as CVE-2019-11815 could lead to […]

XSS flaw in WordPress Live Chat Plugin lets attackers compromise WP sites

cyber

A vulnerability in the Live Chat Support plugin for WordPress could be exploited by attackers to inject malicious scripts in websites using it Researchers at Sucuri have discovered a stored/persistent cross-site scripting (XSS) vulnerability in the WP Live Chat Support plugin for WordPress. The flaw could be exploited by remote, unauthenticated attackers […]

BlackTech espionage group exploited ASUS update process to deliver Plead Backdoor

cyber

The BlackTech cyber-espionage group exploited the ASUS update process for WebStorage application to deliver the Plead backdoor. The cyber espionage group tracked as BlackTech compromised the ASUS update process for WebStorage application to deliver the Plead backdoor. The BlackTech group was first observed by ESET on July 2018, when it was abusing code-signing certificates stolen from D-Link for […]