Apple Patches WebKit Code Execution Flaws
Apple’s product security response team on Monday rolled out patches to cover numerous serious security vulnerabilities affecting users of its flagship iOS and macOS platforms. read more
Continue ReadingCategory: Vulnerabilities
Samsung Galaxy Store Flaws Can Lead to Unwanted App Installations, Code Execution
Cybersecurity firm NCC Group has shared details on two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page. read more
Continue Reading
What your SOC will be facing in 2023
As the role of cybersecurity in large businesses increases remarkably year over year, the importance of Security Operations Centers (SOCs) is becoming paramount. This year’s Kaspersky Security Bulletin ends with tailored predictions for SOCs – from external and internal points of view. The first part of this report is devoted to the most current threats […]
Continue ReadingIn-the-Wild Exploitation of Recent ManageEngine Vulnerability Commences
Cloud risk management and threat detection firm Rapid7 warns that it has seen organizations being compromised in attacks exploiting a recently patched Zoho ManageEngine vulnerability. read more
Continue ReadingCritical Vulnerabilities Patched in OpenText Enterprise Content Management System
Several vulnerabilities described as having critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product. read more
Continue ReadingChinese Hackers Exploited Fortinet VPN Vulnerability as Zero-Day
A China-linked threat actor was observed exploiting a recently disclosed Fortinet FortiOS SSL-VPN vulnerability when it was still a zero-day, months before patches were released, Mandiant reports. read more
Continue ReadingDrupal Patches Vulnerabilities Leading to Information Disclosure
Drupal this week announced software updates that resolve a total of four vulnerabilities in Drupal core and three plugins, and which could lead to unauthorized access to data. read more
Continue ReadingChainguard Trains Spotlight on SBOM Quality Problem
Software engineers tracking the quality of software bill of materials have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government. read more
Continue ReadingCisco Patches High-Severity SQL Injection Vulnerability in Unified CM
Cisco on Wednesday announced patches for a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME). read more
Continue ReadingCSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services
A cross-site request forgery (CSRF) vulnerability impacting the source control management (SCM) service Kudu could be exploited to achieve remote code execution (RCE) in multiple Azure services, cloud infrastructure security firm Ermetic has discovered. read more
Continue Reading