The Cybersecurity and Infrastructure Security Agency (CISA) today asked all U.S. federal executive branch departments and agencies to mitigate the critical SIGRed Windows DNS Server wormable remote code execution (RCE) vulnerability within 24 hours.

Microsoft issued a security update to address this critical Windows vulnerability tracked as CVE-2020-1350 on July 14, together with a registry-based workaround that does not require a server restart.

The security flaw has existed in Microsoft’s code for over 17 years, impacts all Windows Server versions 2003 through 2019, and has received a maximum CVSS severity rating of 10 out of 10.

Mitigate on

Just two days after SAP released patches for a critical NetWeaver AS JAVA remote code execution vulnerability, proof-of-concept (PoC) exploits have been released, and active scans are underway to exploit devices.

Discovered by Onapsis, the RECON (Remotely Exploitable Code On NetWeaver) vulnerability is tracked as CVE-2020-6287 and is rated with a maximum CVSS score of 10 out of 10.

If exploited, it could allow unauthenticated, remote attackers to gain full access to the vulnerable systems. These systems could then be used as launching pads for further attacks within a corporate network.

Another vulnerability tracked as CVE-2020-6286 was

WhatsApp is down with users worldwide reporting problems connecting to the messaging platform.

In the past hour, users worldwide have stated that when they attempt to access WhatsApp, the application will sit there and display a continuous “Connecting…” message.

In BleepingComputer tests here in the USA, we confirmed the outage and are unable to connect to the messaging platform.

The outage site DownDetector shows that this outage started around 3:45 PM EST, with most users affected in Europe.

WhatsApp map

As you can see from the data points used for DownDetector’s WhatsApp outage reports, the number of reports quickly escalated to over

SAP patched a critical vulnerability affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments.

The RECON (short for Remotely Exploitable Code On NetWeaver) vulnerability is rated with a maximum CVSS score of 10 out of 10 and can be exploited remotely by unauthenticated attackers to fully compromise unpatched SAP systems according to Onapsis, the company that found and responsibly disclosed RECON to the SAP Security Response Team.

RECON is introduced due to the lack of authentication in

Malware developers are now checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analyzed by researchers.

Any.Run is a malware analysis sandbox service that lets researchers and users safely analyze malware without risk to their computers.

When an executable is submitted to Any.Run, the sandbox service will create a Windows virtual machine with an interactive remote desktop and execute the submitted file within it.

Researchers can utilize the interactive Windows desktop to see what behavior the malware is exhibiting, while Any.Run records its network activity, file activity, and

The Zoom web conference Client contained a zero-day vulnerability that could have allowed attackers to execute commands on vulnerable systems remotely.

The exploitation of the vulnerability required at least some form of action on the victim’s end, such as downloading and opening a malicious attachment; however, no security notifications would be triggered during exploitation.

A researcher, who prefers to remain anonymous, reached out to the 0patch team disclosing the vulnerability rather than reporting it directly to Zoom.

Researchers at 0patch then issued a “micropatch” free of charge until Zoom could release their own. 

“According to our guidelines, we’re providing