Administrators got an early holiday present with a fairly light patching workload on December Patch Tuesday, but they will have one Windows zero-day to wrap up as soon as possible. Microsoft corrected 36 vulnerabilities on December Patch Tuesday in Microsoft Windows, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server, Visual Studio and Skype for Business. The Win32k elevation of privilege vulnerability (CVE-2019-1458) is rated as important and is being actively exploited in the wild. This Windows zero-day, discovered by Kaspersky Lab researchers, affects most supported versions of Microsoft’s operating system on both the client and server side. The attacker needs authentication to access the system to run malicious code in kernel mode to take… Source link

This is the second of a three-part series. Click here to read part one, which relates how early experimentation in cold fusion was largely abandoned due to disappointing results when researchers attempted to replicate findings – but the second wave of research is now showing promising results. In my view Japan – without question the world leader today when it comes to experimental research in this field – has produced the most compelling demonstrations of the existence and reproducibility of cold fusion. Japan owes its leading position in large measure to consistent institutional and industrial support and a systematic, step-by-step approach emphasizing the development of advanced materials for cold fusion devices. Cold… Source link

Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection. Rocke is a financially motivated threat group first spotted in April 2018 by Cisco Talos researchers while exploiting unpatched Apache Struts, Oracle WebLogic, and Adobe ColdFusion servers, and dropping cryptomining malware from attacker-controlled Gitee and GitLab repositories. During January, Palo Alto Network’s Unit 42 team found code that uninstalls multiple cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud from Linux servers, after analyzing new Rocke malware samples. Rocke’s new… Source link

Authorities in Germany this week shut down the services of a bulletproof hosting provider set up in a former NATO bunker that went five floors underground. The bunker was acquired in 2013 and managed by a Dutch national believed to have ties with organized crime in the Netherlands, who turned it into a heavily secured data center for illegal purposes. A bulletproof hosting provider rents hosting services with no restrictions to the nature of the content uploaded or distributed, or the type of business conducted. They are the alternative to regular providers that have strict rules against illegal endeavors and often do not respond to requests from authorities. Huge building for many servers On a 3.2 acre property in Traben-Trabach on the banks of Mosel river, the building itself has… Source link

Adobe has rushed out fixes for three vulnerabilities in its ColdFusion web development platform, two of which have been given the top billing of ‘critical’. The flaws affect ColdFusion 2018 version 4 and earlier, and ColdFusion 2016 version 11 and earlier. The first critical flaw is CVE-2019-8073, and is described as allowing “command injection via vulnerable component” leading to arbitrary code execution (ACE). The second critical flaw is CVE-2019-8074, a path traversal vulnerability allowing an access control bypass. The final vulnerability, rated ‘important’, is CVE-2019-8072, a security bypass leading to information disclosure. Because this is an ‘out of band’ update – a polite way of saying it’s unexpected and urgent – Adobe offers only… Source link

Adobe released security updates for three vulnerabilities in ColdFusion. Two of these vulnerabilities are rated as Critical as they allow code execution and can bypass access controls. The other is an labeled critical as it allows information disclosure. The more critical issue is the code execution vulnerability as it could potentially allow for the takeover of a server. The vulnerabilities details can be seen below: Vulnerability Category Vulnerability Impact Severity CVE Numbers Security bypass Information Disclosure Important CVE-2019-8072 Command Injection via Vulnerable component Arbitrary code execution Critical  CVE-2019-8073 Path Traversal Vulnerability Access Control Bypass Critical  CVE-2019-8074 To resolve these vulnerabilities, Adobe suggests that users update to… Source link

Charlie Osborne 25 September 2019 at 13:43 UTC Updated: 08 October 2019 at 13:48 UTC Users are being urged to update their builds to resolve three serious security flaws Adobe has released an out-of-band patch to quickly resolve a trio of security vulnerabilities in ColdFusion, two of which are deemed critical. Adobe said in a security advisory that ColdFusion 2016 and 2018 on all platforms are affected. The web application development platform’s emergency patch, released on Tuesday (September 24), addresses potential malicious code execution, access control bypass, and data leaks. The first vulnerability, and arguably the most dangerous, is CVE-2019-8073. The critical security flaw is a… Source link

Overall, Adobe released three patches – one for an “important” flaw and two for critical flaws –in the 2016 and 2018 versions of ColdFusion. Adobe has issued an unscheduled security update that fixes two critical flaws in its ColdFusion product. The critical vulnerabilities could enable an attacker to either execute arbitrary code or bypass access control on impacted systems. Overall, Adobe released three patches – one for an “important” flaw and two for critical flaws –in the 2016 and 2018 versions of the ColdFusion commercial rapid web-application development platform. “Adobe recommends users update their product installations to the latest versions using the instructions… Source link

Latest Study on Industrial Growth of Global Virtual Private Servers (VPS) Hosting Market 2019-2025. A detailed study accumulated to offer Latest insights about acute features of the Virtual Private Servers (VPS) Hosting market. The report contains different market predictions related to market size, revenue, production, CAGR, Consumption, gross margin, price, and other substantial factors. While emphasizing the key driving and restraining forces for this market, the report also offers a complete study of the future trends and developments of the market. It also examines the role of the leading market players involved in the industry including their corporate overview, financial summary and SWOT analysis. The Major Players Covered in this Report:… Source link

Latest Study on Industrial Growth of Global Virtual Private Servers (VPS) Hosting Market 2019-2025. A detailed study accumulated to offer Latest insights about acute features of the Virtual Private Servers (VPS) Hosting market. The report contains different market predictions related to market size, revenue, production, CAGR, Consumption, gross margin, price, and other substantial factors. While emphasizing the key driving and restraining forces for this market, the report also offers a complete study of the future trends and developments of the market. It also examines the role of the leading market players involved in the industry including their corporate overview, financial summary and SWOT analysis. The Major Players Covered in this Report:… Source link