For June's Patch Tuesday Microsoft is patching 50 CVEs and releasing 2 advisories. Adobe Flash is back, as always, with a roll up patch for multiple remote code execution vulnerabilities. Since a zero day remote code exploit was discovered in...

An Adobe advisory regarding a zero-day vulnerability in Adobe Flash Player was published late last week. In this advisory, Adobe states that it is aware of "limited, targeted attacks" exploiting the vulnerability with the attack vector being an office document,...

"We are all honorable men here, we do not have to give each other assurances as if we were lawyers." ― Mario Puzo, The Godfather In the seedy depths of the dark web you will find an underground subculture brimming...

hullabaloo [huhl-uh-buh-loo], noun, plural hullabaloos. a clamorous noise or disturbance; uproar. Recently there has been a hullabaloo about a vulnerability called EFAIL, that, as is the fashion these days, came with its own website, and logo, here. EFAIL generated intense...

A zero day exploit was discovered targeting trade agencies and other related organizations in China toward the end of April. The vulnerability is a Use-After-Free (UAF) memory corruption bug in the Microsoft VBScript engine. By taking advantage of the vulnerability,...

A few weeks ago, I came across a vulnerability that affected all current versions of Electron at the time (< 1.7.13, < 1.8.4, and < 2.0.0-beta.3). The vulnerability allowed nodeIntegration to be re-enabled, leading to the potential for remote code execution. If you're unfamiliar with Electron, it is a popular framework that allows you to create cross-platform desktop applications using HTML, CSS, and JavaScript.

May's Patch Tuesday is here and it looks like these monthly releases have plateaued at around 70 CVEs patched per month. May comes in with 68 CVEs total including 21 rated "Critical", 44 rated "Important", and three rated "Low". Among...

Trustwave
Twitter Feed

Follow Us @Trustwave