Tag: vulnerabilities


Mobile, Wireless security

5G can reduce – but also create – security risk

November 23, 2022

Via: Help Net Security

As 5G connections are rapidly spreading, more and more questions and misconceptions are arising. What are the most common ones and how can they affect security teams? 5G is a comparatively new technology and many cybersecurity teams have not had […]


Threats & Malware, Vulnerabilities

BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks

November 22, 2022

Via: Security Week

BMC is a specialized processor that allows administrators to remotely control and monitor a device without having to access the operating system or applications running on it. The BMC can be used to reboot a device, install an operating system, […]


Cloud security, Security

Solvo Data Posture Manager protects organizations using public cloud services from data leakage and breaches

November 22, 2022

Via: Help Net Security

Solvo releases Data Posture Manager, its new cloud data and infrastructure management solution for public cloud users. Data Posture Manager delivers enhanced visibility into users and cloud components that have access to sensitive data, alerting organizations to excessive or newly-granted […]


Threats & Malware, Vulnerabilities

Atlassian Patches Critical Vulnerabilities in Bitbucket, Crowd

November 18, 2022

Via: Security Week

In the Bitbucket source code repository hosting service, Atlassian fixed CVE-2022-43781, a critical command injection vulnerability that affects Bitbucket Server and Data Center version 7 and, in some cases, version 8. “There is a command injection vulnerability using environment variables […]


Threats & Malware, Vulnerabilities

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices

November 17, 2022

Via: The Hacker News

Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, could completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to gain remote access to the devices and defeat security constraints. […]


Application security, Security

How Cisco keeps its APIs secure throughout the software development process

November 14, 2022

Via: CSO Online

Software developers know not to reinvent the wheel. So, they lean on reusable micro-services – and their corresponding application programming interfaces (APIs) – as building blocks for application components. “Developers want to focus on the added value they can bring […]


Threats & Malware, Vulnerabilities

Foxit Patches Several Code Execution Vulnerabilities in PDF Reader

November 11, 2022

Via: Security Week

The feature-rich PDF reader provides broad functionality to users, including support for multimedia documents and dynamic forms via JavaScript support, which also expands the application’s attack surface. This week, Cisco’s Talos security researchers have published information on four vulnerabilities in […]


Threats & Malware, Vulnerabilities

Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products

November 11, 2022

Via: Security Week

The most severe of the security defects is CVE-2022-20927, a bug in the dynamic access policies (DAP) functionality of ASA and FTD software, allowing a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition. Due to improper processing of data […]


Threats & Malware, Vulnerabilities

Apple Patches Remote Code Execution Flaws in iOS, macOS

November 10, 2022

Via: Security Week

Written in the C programming language and originally developed for the Gnome project, libxml2 is a software library for parsing XML documents. Tracked as CVE-2022-40303 and CVE-2022-40304, the two vulnerabilities could lead to remote code execution. Apple has credited Google […]


Threats & Malware, Vulnerabilities

SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5

November 9, 2022

Via: Security Week

There were also updates to two previously released notes. Three other security notes were released between the second Tuesday of October and the second Tuesday of November. Three of this month’s security notes are marked ‘hot news’, which represents the […]


Threats & Malware, Vulnerabilities

Citrix urges admins to patch these dangerous flaws immediately

November 9, 2022

Via: TechRadar

Citrix has released a fix for three high-severity vulnerabilities discovered in two of its popular products, and is now urging users to apply the patch immediately. The company has fixed three flaws found in Citrix ADC and Citrix Gateway. ADC […]


Threats & Malware, Vulnerabilities

Google Patches High-Severity Privilege Escalation Vulnerabilities in Android

November 8, 2022

Via: Security Week

The first part of the update, the ‘2022-11-01 patch level’, includes fixes for 17 security defects, 12 of which could lead to escalation of privilege (EoP), three to denial of service (DoS), and two leading to information disclosure. All of […]


Application security, Security

Synack’s API pentesting capability empowers users to verify exploitable API vulnerabilities

November 1, 2022

Via: Help Net Security

Synack launched an API pentesting capability powered by its global community of elite security researchers. Organizations can now rely on the Synack platform for continuous pentesting coverage across “headless” API endpoints that lack a user interface and are increasingly exposed […]


Threats & Malware, Vulnerabilities

Windows Event Log Vulnerabilities Could Be Exploited to Blind Security Products

October 27, 2022

Via: Security Week

Event Log is an Internet Explorer-specific application that exists in all Windows iterations, due to the deep integration of the browser with the operating system. Due to the specific set of permissions that Event Log has, two security defects haunt […]


Threats & Malware, Vulnerabilities

Cisco Users Informed of Vulnerabilities in Identity Services Engine

October 24, 2022

Via: Security Week

Davide Virruso of Yoroi discovered that the web-based management interface of Identity Services Engine is affected by an unauthorized file access flaw that can allow a remote, authenticated attacker to read and delete files on impacted devices. The issue is […]


Threats & Malware, Vulnerabilities

High, medium severity vulnerabilities impacting Zimbra Collaboration Suite

October 20, 2022

Via: CSO Online

Threat actors are actively exploiting multiple Common Vulnerabilities and Exposures (CVEs) against enterprise cloud-hosted collaboration software and email platform Zimbra Collaboration Suite (ZCS), according to an advisory update jointly issued by the US Cybersecurity and Infrastructure Security Agency (CISA) and […]


Threats & Malware, Vulnerabilities

WordPress Security Update 6.0.3 Patches 16 Vulnerabilities

October 19, 2022

Via: Security Week

WordPress 6.0.3 fixes nine stored and reflected cross-site scripting (XSS) vulnerabilities, as well as open redirect, data exposure, cross-site request forgery (CSRF), and SQL injection flaws. WordPress security company Defiant has shared a description of each vulnerability. Four of them […]


Threats & Malware, Vulnerabilities

Palo Alto Networks, Aruba Patch Severe Vulnerabilities

October 13, 2022

Via: Security Week

An advisory published by Palo Alto Networks on October 12 informs customers about a high-severity authentication bypass vulnerability affecting the web interface of its PAN-OS 8.1 software. The security hole is tracked as CVE-2022-0030. According to the company, a network-based […]


Mobile, Mobile security, Threats & Malware, Vulnerabilities

Android Security Updates Patch Critical Vulnerabilities

October 10, 2022

Via: Security Week

Tracked as CVE-2022-20419 and described as an information disclosure bug, the critical flaw has been resolved with the ‘2022-10-01 security patch level’, along with five other vulnerabilities in Framework that could lead to elevation of privilege, information disclosure and denial […]


Threats & Malware, Vulnerabilities

Mitigation for ProxyNotShell Exchange Vulnerabilities Easily Bypassed

October 4, 2022

Via: Security Week

The security holes, officially tracked as CVE-2022-41040 and CVE-2022-41082, can allow an attacker to remotely execute arbitrary code with elevated privileges. Researcher Kevin Beaumont named the vulnerabilities ProxyNotShell due to similarities to the Exchange vulnerability dubbed ProxyShell, which has been […]