
Category: Vulnerabilities


Threats & Malware, Vulnerabilities

Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966

November 23, 2022

Via: Security Affairs

Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that causes Kerberos authentication problems. Microsoft Patch Tuesday security updates for November 2022 addressed a privilege escalation vulnerability, tracked as CVE-2022-37966, that impacts Windows Server. […]


Threats & Malware, Vulnerabilities

BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks

November 22, 2022

Via: Security Week

BMC is a specialized processor that allows administrators to remotely control and monitor a device without having to access the operating system or applications running on it. The BMC can be used to reboot a device, install an operating system, […]


Threats & Malware, Vulnerabilities

PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability

November 21, 2022

Via: Security Week

Tracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year, with a patch available since the release of macOS Monterey 12.4 in May. In its advisory, Apple notes that the flaw allowed a sandboxed […]


Threats & Malware, Vulnerabilities

Omron PLC Vulnerability Exploited by Sophisticated ICS Malware

November 18, 2022

Via: Security Week

On November 10, the US Cybersecurity and Infrastructure Security Agency (CISA) published two advisories describing three vulnerabilities affecting NJ and NX-series controllers and software made by Japanese electronics giant Omron. One of the advisories describes CVE-2022-33971, a high-severity flaw that […]


Threats & Malware, Vulnerabilities

Atlassian Patches Critical Vulnerabilities in Bitbucket, Crowd

November 18, 2022

Via: Security Week

In the Bitbucket source code repository hosting service, Atlassian fixed CVE-2022-43781, a critical command injection vulnerability that affects Bitbucket Server and Data Center version 7 and, in some cases, version 8. “There is a command injection vulnerability using environment variables […]


Threats & Malware, Vulnerabilities

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices

November 17, 2022

Via: The Hacker News

Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, could be used to completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to gain remote access to the devices and defeat security constraints. […]


Threats & Malware, Vulnerabilities

Networking Tech Vulnerability Could Be Used to Hack Spacecraft: Researchers

November 16, 2022

Via: Security Week

The flaw affects Time-Triggered Ethernet (TTE), a networking technology specifically designed for real-time applications and cyber-physical systems with high safety and availability requirements. TTE is often used to reduce costs and improve efficiency as it allows mission-critical components to exist […]


Threats & Malware, Vulnerabilities

Critical vulnerability in Spotify’s Backstage discovered, patched

November 15, 2022

Via: Help Net Security

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on GitHub, Backstage is one […]


Threats & Malware, Vulnerabilities

Aiphone Intercom System Vulnerability Allows Hackers to Open Doors

November 14, 2022

Via: Security Week

Aiphone is one of the largest global manufacturers of intercom systems, including audio and video entry systems for residential and corporate buildings. Last week, researchers with Norwegian application security firm Promon published information on a vulnerability identified in several Aiphone […]


Threats & Malware, Vulnerabilities

Foxit Patches Several Code Execution Vulnerabilities in PDF Reader

November 11, 2022

Via: Security Week

The feature-rich PDF reader provides broad functionality to users, including support for multimedia documents and dynamic forms via JavaScript support, which also expands the application’s attack surface. This week, Cisco’s Talos security researchers have published information on four vulnerabilities in […]


Threats & Malware, Vulnerabilities

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software

November 11, 2022

Via: The Hacker News

Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. “By chaining and exploiting the vulnerabilities, adversaries could compromise the web server […]


Threats & Malware, Vulnerabilities

Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products

November 11, 2022

Via: Security Week

The most severe of the security defects is CVE-2022-20927, a bug in the dynamic access policies (DAP) functionality of ASA and FTD software, allowing a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition. Due to improper processing of data […]


Hacker, Threats & Malware, Vulnerabilities

Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones’ Lock Screens

November 10, 2022

Via: The Hacker News

Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of […]


Threats & Malware, Vulnerabilities

Apple Patches Remote Code Execution Flaws in iOS, macOS

November 10, 2022

Via: Security Week

Written in the C programming language and originally developed for the Gnome project, libxml2 is a software library for parsing XML documents. Tracked as CVE-2022-40303 and CVE-2022-40304, the two vulnerabilities could lead to remote code execution. Apple has credited Google […]


Cyber warfare, Cyber-crime, Threats & Malware, Vulnerabilities

Analysis of Russian Cyberspy Attacks Leads to Discovery of Windows Vulnerability

November 10, 2022

Via: Security Week

Also referred to as Cozy Bear, the Dukes, and Yttrium, APT29 is a Russian cyberespionage group likely sponsored by the Russian Foreign Intelligence Service (SVR). The group is believed to be responsible for multiple high-profile attacks, including the 2016 targeting […]


Threats & Malware, Vulnerabilities

SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5

November 9, 2022

Via: Security Week

There were also updates to two previously released notes. Three other security notes were released between the second Tuesday of October and the second Tuesday of November. Three of this month’s security notes are marked ‘hot news’, which represents the […]


Threats & Malware, Vulnerabilities

Citrix urges admins to patch these dangerous flaws immediately

November 9, 2022

Via: TechRadar

Citrix has released a fix for three high-severity vulnerabilities discovered in two of its popular products, and is now urging users to apply the patch immediately. The company has fixed three flaws found in Citrix ADC and Citrix Gateway. ADC […]


Threats & Malware, Vulnerabilities

VMware fixes three critical flaws in Workspace ONE Assist

November 9, 2022

Via: Security Affairs

Workspace ONE Assist allows IT staff to remotely access and troubleshoot devices in real time from the Workspace ONE console. The first issue, tracked as CVE-2022-31685 (CVSSv3 9.8/10), is an authentication bypass flaw; an attacker with network access to Workspace […]


Threats & Malware, Vulnerabilities

Google Patches High-Severity Privilege Escalation Vulnerabilities in Android

November 8, 2022

Via: Security Week

The first part of the update, the ‘2022-11-01 patch level’, includes fixes for 17 security defects, 12 of which could lead to escalation of privilege (EoP), three to denial of service (DoS), and two leading to information disclosure. All of […]


Threats & Malware, Vulnerabilities

Azul Vulnerability Detection uncovers known vulnerabilities in Java applications

November 3, 2022

Via: Help Net Security

Azul has released Azul Vulnerability Detection, a new SaaS product that continuously detects known security vulnerabilities that exist in Java applications. By eliminating false positives and with no performance impact, Azul Vulnerability Detection is ideal for in-production use and addresses […]