vulnerability – ESET Ireland

Microsoft rushes out patch for Internet Explorer zero‑day

September 26, 2019

There is no word on which threat actor is abusing the severe vulnerability for attacks. Microsoft is urging Windows users to install an emergency security patch to address a critical vulnerability that affects multiple versions of Internet Explorer (IE) and is under active exploitation by unspecified bad actors. The company’s advisory notes that the zero-day, listed as CVE-2019-1367, is … More Microsoft rushes out patch for Internet Explorer zero‑day

Remote access flaws found in popular routers, NAS devices

September 19, 2019

In almost all tested units, the researchers achieved their goal of obtaining remote root-level access. Security researchers have uncovered a total of 125 security flaws across 13 small office/home office (SOHO) routers and network-attached storage (NAS) devices that may leave them vulnerable to remote attacks. The devices ranged from units intended for the general public … More Remote access flaws found in popular routers, NAS devices

A vulnerability in Instagram exposes personal information of users

September 16, 2019

The bug, which has already been fixed by Facebook, allowed access to private user information that could be abused by malicious actors. A security flaw that allowed an attacker to access account information, such as a user’s full phone number and real name of Instagram users was found. Facebook, who previously confirmed the existence of … More A vulnerability in Instagram exposes personal information of users

Microsoft warns of new BlueKeep‑like flaws

August 16, 2019

Unlike BlueKeep, however, these vulnerabilities affect more recent Windows versions, including Windows 10. Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE‑2019‑1181, CVE‑2019‑1182, CVE‑2019‑1222 and CVE‑2019‑1226 – can be exploited by … More Microsoft warns of new BlueKeep‑like flaws

VLC player has a critical flaw – and there’s no patch yet

July 23, 2019

On the flip side, there are currently no known cases of the vulnerability being exploited in the wild. Germany’s national Computer Emergency Response Team (CERT-Bund) has issued a security advisory to alert users of VLC media player of a severe vulnerability affecting this extremely popular open-source software. “A remote, anonymous attacker can exploit the vulnerability in VLC … More VLC player has a critical flaw – and there’s no patch yet

BlueKeep patching isn’t progressing fast enough

July 18, 2019

Keeping up with BlueKeep; or how many internet-facing systems, and in which countries and industries, remain ripe for exploitation? As of early July, more than 805,000 internet-facing systems remained susceptible to the BlueKeep security vulnerability, the news of which spooked the internet two months ago and prompted a flurry of alerts urging users and organizations … More BlueKeep patching isn’t progressing fast enough

How your Instagram account could have been hijacked

July 17, 2019

A researcher found that it was possible to subvert the platform’s password recovery mechanism and take control of user accounts. An independent researcher has found a security loophole in Instagram’s mobile password recovery flow that could have allowed attackers to break into user accounts. The flaw, discovered and reported by India-based researcher Laxman Muthiyah, has since … More How your Instagram account could have been hijacked

ESET Ireland

ESET Ireland Official Blog