IBM has released security updates to fix several vulnerabilities across multiple products. The severity of the addressed vulnerabilities could allow the remote attacker to expose sensitive information or consume the memory resources of the affected system. Sample of the addressed vulnerabilities : IBM InfoSphere Information Server external entity injection (CVE-2022- 40747) CVSS: 8.2 Attack Vector: […]
IBM Security Updates -18 October 2022 Read More »
EG-FinCIRT has detected an Ongoing Phishing Campaign that started to target the Financial Sector in Egypt to deliver a new variant of Snake Keylogger Infostealer. Snake Keylogger is a modular .NET keylogger stealing sensitive information from a victim’s device, including saved credentials, the victim’s keystrokes, screenshots of the victim’s screen, and clipboard data. The malware
Ongoing Phishing Campaign -18 October 2022 Read More »
Linux has released security updates on multiple distributions. Linux Kernel 5.1 through 5.19.x before 5.19.16 is vulnerable to various remote code execution vulnerabilities, allowing the attacker to execute arbitrary code on the system and cause a denial of service. Sample of the addressed vulnerabilities: 1- Linux Kernel Code Execution (CVE-2022-42719): CVSS: 8 Attack Vector: Adjacent
Linux Security Updates – 16 October 2022 Read More »
Apache has released a security Update to address a critical vulnerability in Apache Commons. The remote attacker could exploit this vulnerability to take control of the affected system. Apache Commons Text is vulnerable to code execution caused by an insecure interpolation defaults flaw. The attacker could exploit this vulnerability by sending a specially-crafted input to execute arbitrary
Apache Security Update – 16 October 2022 Read More »
Aruba has released security updates for Aruba EdgeConnect Enterprise Orchestrator that address multiple critical security vulnerabilities. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow the remote attacker to elevate privileges to administrators without credentials and allow arbitrary command execution on the underlying host leading
Aruba Released Security Updates – 16 October 2022 Read More »
Juniper Networks has released multiple security updates to address many vulnerabilities affecting multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system, and cause a denial of service. The most severe of the addressed vulnerabilities could allow the remote authenticated attacker with ‘WRITE’ permissions to store one
Juniper Networks Security Updates – 13 October 2022 Read More »
Palo Alto has released a security update to address a vulnerability in Palo Alto Networks PAN-OS. The remote attacker could exploit this vulnerability to take control of the affected system. Palo Alto Networks PAN-OS is vulnerable to authentication bypass vulnerability in the PAN-OS 8.1 web interface that could allow the network-based attacker with specific knowledge
Palo Alto Security Updates – 13 October 2022 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (2) updates to the previously released patch day security note. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP Manufacturing Execution, SAP Commerce, and SAP BusinessObjects Business Intelligence Platform. The remote attacker could exploit
SAP October 2022 Security Patch Day 12 October 2022 Read More »
Google has released an updated Chrome version 106.0.5249.119 for Windows, Mac, and Linux to fix multiple vulnerabilities. The remote attacker could exploit some of these vulnerabilities to take control of the affected system or cause a denial of service. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code or
Google Chrome Security Update – 12 October 2022 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday, which fixestwo publicly zero-day vulnerabilities, one actively exploited in attacks and one publicly disclosed. Microsoft has fixed (84) vulnerabilities (not including Microsoft Edge vulnerabilities), with (13) classified as Critical as they allow privilege elevation, spoofing, or remote code execution. October’s Patch Tuesday
Microsoft October 2022 Patch Tuesday Read More »
Fortinet has released security updates to address multiple vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The highest severity of the addressed vulnerabilities could allow the attacker to execute arbitrary commands in the underlying shell due to multiple improper neutralization of special elements
Fortinet Released Security Updates – 10 October 2022 Read More »
VMware has released a security advisory to address several vulnerabilities which affect multiple VMware products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow the attackers to perform several attacks, like executing arbitrary code on the underlying operating system that hosts the vCenter
VMware Released Security Updates – 09 October 2022 Read More »
Trend Micro has released a new critical patch to address several vulnerabilities in Trend Micro Apex One SP1 and Apex One SaaS. The released security updates resolve several vulnerabilities having severity ratings from medium to critical. The remote attacker could exploit some of these vulnerabilities to gain privileged access to the affected system. Samples of the
Trend Micro Released Security Updates – 09 October 2022 Read More »
Fortinet has released security patches to fix a critical authentication bypass vulnerability across multiple products. The mentioned vulnerability could allow the remote attacker to bypass security restrictions by sending specially crafted HTTP or HTTPS requests to log into unpatched devices and perform operations on the administrative interface. Fortinet FortiOS and Fortinet FortiProxy security bypass (CVE-2022-40684): •
Fortinet Released Security Updates – 09 October 2022 Read More »
Cisco has released security updates to address several vulnerabilities in multiple Cisco products The severity of the addressed vulnerabilities could allow the attacker to fully compromise the Cisco NFVIS system and cause a denial of service. Samples of the addressed vulnerabilities: 1. Cisco Enterprise NFV Infrastructure Software (NFVIS) code execution (CVE 2022-20929): • CVSS: 7.8 •
Cisco Released Security Updates – 08 October 2022 Read More »
Microsoft has released an updated version of Microsoft Edge (Version 106.0.1370.34) to fix a vulnerability in Microsoft Edge. The remote attacker could exploit this vulnerability to take control of the affected system. The severity of the addressed vulnerability could allow the remote attacker to exploit this vulnerability by persuading a victim to visit a specially crafted Web
Microsoft Edge Security Update – 04 October 2022 Read More »
The Twig third-party library for content templating and sanitization has released a security update that affects Drupal versions (8.0.0 to 9.3.22, 9.4.0 to 9.4.7). The severity of the addressed vulnerability could allow an untrusted user to access private files, the contents of other files on the server, or database credentials.The remote attacker could exploit this vulnerability
Drupal Security Update 02 October 2022 Read More »
Google has released an updated Chrome version (106.0.5249.91) for Windows, Mac, and Linux to fix multiple vulnerabilities. The remote attacker could exploit these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the affected system by persuading the victim to
Google Chrome Security Updates 02 October 2022 Read More »
Security researchers have detected Microsoft Exchange zero-day vulnerabilities allowing for remote code execution. These vulnerabilities are so critical that they enable the attackers to perform RCE on the compromised systems when Powershell is accessible. Microsoft has identified two zero-day vulnerabilities, CVE-2022-41040 (Server Side Request Forgery (SSRF)) and CVE-2022-41082 (Remote Code Execution (RCE)), affecting Microsoft Exchange Server
Microsoft Exchange Zero-Day Actively Exploited in Attacks Read More »
Redhat, Ubuntu, SUSE, and Debian released security updates to address multiple vulnerabilities. The attacker could exploit some of these vulnerabilities to take control of the affected system. The most severe vulnerability in the Linux kernel could allow the attacker to execute arbitrary code on the system caused by sending a specially-crafted request. Sample of the
Linux Security Updates – 29 September 2022 Read More »
