Threat Post

Apache Tomcat Exploit Poised to Pounce, Stealing Files

Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes is a snap to compromise webservers. A vulnerability in the popular Apache Tomcat web server is ripe for active attack, ...
Dark Reading

Microsoft Office Files Most Popular for Exploit Tests

Security researchers who analyzed attackers' exploit testing process concluded that exploits never go out of style. Many can remain popular and reliable tools over time, partly due to dependence on ...
Bleeping Computer

New Windows Zero-Day Bug Helps Delete Any File, Exploit Available

Proof-of-concept code for a new zero-day vulnerability in Windows has been released by a security researcher before Microsoft was able to release a fix. The code exploits a vulnerability that allows ...
Bleeping Computer

File Inclusion Bug in Kibana Console for Elasticsearch Gets Exploit Code

Exploit code has been published for a local file inclusion (LFI) type of vulnerability affecting the Console plugin in Kibana data visualization tool for Elasticsearch; an attacker could use this to ...
PC World

New Flash exploit used to distribute credential-stealing malware

A new exploit that prompted Adobe to release an emergency patch for Flash Player was used in targeted attacks that distributed malware designed to steal log-in credentials for email and other online ...
CRN

Criminals Launch Exploit Of Microsoft Access Database Files

U.S. CERT issued a brief warning on its Web site Monday stating that the organization was "aware of active exploitation using malicious Microsoft Access databases." The U.S. CERT is the operational ...
Ars Technica

WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April

The file is named .RAR to make it look like you need a RAR utility to open it. Once WinRAR opens it it identifies it as a ZIP file. The write up doesn't fully describe the bug but it looks like an ...
Digital Trends

Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

There were already a number of reasons to not use Internet Explorer. But if you needed another one, here it is. According to ZDNet, a security researcher named John Page has published evidence of an ...
ZDNet

Hacker finds a way to exploit PDF files, without a vulnerability

A security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever ...
PC World

Researchers find previously unknown exploits among Hacking Team’s leaked files

Researchers sifting through 400GB of data recently leaked from Hacking Team, an Italian company that sells computer surveillance software to government agencies from around the world, have already ...
Network World

Researchers find previously unknown exploits among Hacking Team’s leaked files

Researchers sifting through 400GB of data recently leaked from Hacking Team, an Italian company that sells computer surveillance software to government agencies from around the world, have already ...