Some of Asus' popular mid-range and high-end routers have been found to be vulnerable to remote code execution and code injection attacks. Check the full list of routers and the firmware patches here.
Remote code execution RSS
Microsoft released Windows security updates for Windows 11 as well as 10 this week via Patch Tuesday. It also rolled out security fixes for Office 2013/2016 that resolve RCE and Spoofing flaws.
A Redis server malware, that has been built on Rust, is infecting servers based on both Windows as well as Linux. Dubbed the "P2PInfect", this worm is able to exploit the Lua vulnerability.
FromSoftware's repairs for the remote code execution exploit plaguing the Dark Souls series are coming to a completion, with Dark Souls: Remastered PC servers now being switched online.
FromSoftware has good news for Dark Souls II fans, as servers are now back online for the updated Scholar of the First Sin version. However, Dark Souls: Prepare to Die Edition won't be reactivated.
Dark Souls 3 fans can now go back and join each other in jolly cooperation, as online services have finally been restored. FromSoftware says it is still working on the rest of the series' servers.
QNAP has issued a patch of a security vulnerability that could affect certain configurations of its NAS Drives. The flaw resides in PHP that deals with FPM. It can allow remote code execution.
Some IT admins may be in for a scare this weekend as Atlassian has warned of a critical RCE flaw affecting all Confluence Server and Data Center versions. Internet access should be restricted ASAP.
_medium.jpg)
Microsoft has issued a warning about a remote code execution flaw in its Microsoft Support Diagnostic Tool (MSDT). Virtually all supported versions of Windows and Windows Server are affected.
Nearly all Android smartphones and devices packing MediaTek or Qualcomm with a Security Patch dated prior to December 2021 remain vulnerable to an RCE security bug that can allow eavesdropping.
Zerodium has increased the prize bounty for zero-click remote code executions (RCEs) on Microsoft Outlook up to $400,000. However, the firm has noted that the rise may only be temporary.
HP has issued a list of its printers that are vulnerable to a new "Critical" buffer overflow bug that can lead to exploitation. Fortunately, patched firmware for these models has also been released.
Microsoft has acknowledged that it is investigating a Windows zero-day vulnerability that is currently being exploited in the wild. The firm has provided a workaround that involves AcitveX controls.
Microsoft highlighted a collection of BadAlloc vulnerabilities earlier this year. Federal U.S. cybersecurity agency CISA has now issued an advisory as the problem affects tons of BlackBerry products.
Microsoft has issued an advisory about a cyberattack from a Chinese group targeting SolarWinds' products. A hotfix has been released but organizations are still advised to review guidance.
Despite claims to the contrary, Microsoft says that its PrintNightmare patch works as intended. It states that security researchers who are calling it ineffective are using insecure configurations.
Microsoft has offered some further mitigations against the highly dangerous PrintNightmare exploit. The company has also given it a CVSS rating of 8.8/10, which almost awards it "critical" severity.
An exploit called "PrintNightmare" is being investigated by Microsoft. It potentially affects all versions of Windows. U.S. CISA has marked it as "critical" as it can lead to remote code execution.
A critical zero-day vulnerability has been discovered in Adobe Flash Player, which allows Remote Code Execution using a Microsoft Excel document, potentially making you lose control of your system.
Tit for tat? Google has revealed multiple Windows exploits over the years & has even criticized Microsoft for being slow to patch it. Now, Microsoft is returning the favor by finding a bug in Chrome.
Vulnerability Lab Security researcher Benjamin Kunz Mejri has revealed a now-fixed zero-day flaw in the Microsoft's service that allowed an attacker to remotely crash the application.
Containing 16 critical and 41 important security fixes, Microsoft has unleashed its biggest Patch Tuesday addressing serious flaws found in Windows, Office, and even Windows Defender.
Microsoft has issued an update to fix a flaw in its Malware Protection Engine. The flaw would have allowed for an attacker to use remote code execution, therefore putting many users at risk.
Samsung's Tizen operating system has been found to be riddled with security vulnerabilities that allow for remote-code execution, and for the delivery of malicious code via the OS' app store.
Microsoft has detailed the several layers of security in its Edge browser that reduce the chances of malicious exploits by attackers, stating that it will continue to strengthen the Edge sandbox.
