security update

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)

Debian, Don't miss, Fedora, Hot stuff, Linux, News, PoC, Qualys, Red Hat, security update, Ubuntu, vulnerability /

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) 05/10/2023 at 16:17 By Zeljka Zorz A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability […]

React to this headline:

Loading spinner

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) Read More »

Apple patches another iOS zero-day under attack (CVE-2023-42824)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, News, security update, vulnerability /

Apple patches another iOS zero-day under attack (CVE-2023-42824) 05/10/2023 at 13:47 By Helga Labus Apple has released a security update for iOS and iPadOS to fix another zero-day vulnerability (CVE-2023-42824) exploited in the wild. About the vulnerability (CVE-2023-42824) CVE-2023-42824 is a kernel vulnerability that could allow a local threat actor to elevate its privileges on

React to this headline:

Loading spinner

Apple patches another iOS zero-day under attack (CVE-2023-42824) Read More »

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)

0-day, Atlassian, Atlassian Confluence, Don't miss, Hot stuff, News, Rapid7, security update, vulnerability /

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515) 05/10/2023 at 13:02 By Helga Labus Atlassian has fixed a critical zero-day vulnerability (CVE-2023-22515) in Confluence Data Center and Server that is being exploited in the wild. “Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited

React to this headline:

Loading spinner

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515) Read More »

Qualcomm patches 3 actively exploited zero-days

0-day, Don't miss, drivers, Hot stuff, News, Qualcomm, security update, vulnerability /

Qualcomm patches 3 actively exploited zero-days 04/10/2023 at 16:46 By Helga Labus Qualcomm has fixed three actively exploited vulnerabilities (CVE-2023-33106, CVE-2023-33107, CVE-2023-33063) in its Adreno GPU and Compute DSP drivers. Vulnerabilities exploited in Qualcomm GPU and DSP drivers The US-based semiconductor company has been notified by Google Threat Analysis Group and Google Project Zero that

React to this headline:

Loading spinner

Qualcomm patches 3 actively exploited zero-days Read More »

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)

0-day, Android, Arm, Don't miss, firmware, Google, Hot stuff, Huawei, News, Samsung, security update, smartphones /

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) 03/10/2023 at 14:16 By Zeljka Zorz A vulnerability (CVE-2023-4211) in the kernel drivers for several Mali GPUs “may be under limited, targeted exploitation,” British semiconductor manufacturer Arm has confirmed on Monday, when it released drivers updated with patches. Arm’s Mali GPUs are used on a

React to this headline:

Loading spinner

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) Read More »

Critical zero-days in Exim revealed, only 3 have been fixed

0-day, Don't miss, email security, Exim, Hot stuff, Linux, News, security update, Trend Micro, vulnerability disclosure, WatchTowr /

Critical zero-days in Exim revealed, only 3 have been fixed 02/10/2023 at 17:03 By Zeljka Zorz Six zero-days in Exim, the most widely used mail transfer agent (MTA), have been revealed by Trend Micro’s Zero Day Initiative (ZDI) last Wednesday. Due to what seems to be insufficient information and poor communication, fixes for only three

React to this headline:

Loading spinner

Critical zero-days in Exim revealed, only 3 have been fixed Read More »

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)

Assetnote, Don't miss, file-sharing, Hot stuff, News, Progress, Rapid7, security update, vulnerability /

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) 02/10/2023 at 14:17 By Helga Labus Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers

React to this headline:

Loading spinner

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) Read More »

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217)

0-day, Chrome, Don't miss, Google, Hot stuff, News, security update, vulnerability /

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217) 28/09/2023 at 14:47 By Helga Labus Google has fixed another critical zero-day vulnerability (CVE-2023-5217) in Chrome that is being exploited in the wild. About CVE-2023-5217 The vulnerability is caused by a heap buffer overflow in vp8 encoding in libvpx – a video codec library from Google

React to this headline:

Loading spinner

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217) Read More »

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)

DevOps, Don't miss, GitLab, Hot stuff, News, open source, security update, vulnerability /

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009) 22/09/2023 at 13:31 By Helga Labus GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. They flaw may allow a threat actor to abuse scan execution policies to run pipelines as another user. About the

React to this headline:

Loading spinner

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009) Read More »

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones

0-day, apple, Don't miss, Hot stuff, iOS, iPad, Isosceles, macOS, News, security update, spyware /

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones 22/09/2023 at 13:19 By Zeljka Zorz Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited “against versions of iOS before iOS 16.7.” Bill Marczak of The Citizen Lab at The University of Toronto’s Munk

React to this headline:

Loading spinner

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones Read More »

Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179)

Don't miss, Endpoint Security, enterprise, Hot stuff, News, patch, security update, Trend Micro, vulnerability /

Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) 21/09/2023 at 11:46 By Zeljka Zorz Trend Micro has fixed a critical zero-day vulnerability (CVE-2023-41179) in several of its endpoint security products for enterprises that has been spotted being exploited in the wild. About CVE-2023-41179 The nature of the flaw hasn’t been revealed, but we know

React to this headline:

Loading spinner

Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) Read More »

Kubernetes vulnerabilities allows RCE on Windows endpoints (CVE-2023-3676)

Akamai, Don't miss, Hot stuff, Kubernetes, News, security update, vulnerability, Windows /

Kubernetes vulnerabilities allows RCE on Windows endpoints (CVE-2023-3676) 18/09/2023 at 14:32 By Helga Labus Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. About the vulnerabilities CVE-2023-3676, discovered by Akamai researcher Tomer Peled, is a command injection vulnerability that

React to this headline:

Loading spinner

Kubernetes vulnerabilities allows RCE on Windows endpoints (CVE-2023-3676) Read More »

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)

Adobe, Automox, CVE, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, patch, Patch Tuesday, security update, Tenable, Trend Micro /

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) 12/09/2023 at 22:01 By Zeljka Zorz September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of note Microsoft has delivered fixes for 61 CVE-numbered flaws:

React to this headline:

Loading spinner

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) Read More »

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863)

0-day, Chrome, Don't miss, Google, Hot stuff, News, security update, vulnerability /

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) 12/09/2023 at 12:47 By Helga Labus Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863) CVE-2023-4863 is a critical heap buffer overflow vulnerability in the component that handles WebP, a raster graphics file

React to this headline:

Loading spinner

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) Read More »

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039)

Don't miss, Hot stuff, News, security update, VMWare, vulnerability /

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039) 30/08/2023 at 14:01 By Helga Labus VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-34039, CVE-2023-20890) CVE-2023-34039 is a network bypass vulnerability arising as a result of a

React to this headline:

Loading spinner

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039) Read More »

PoC for no-auth RCE on Juniper firewalls released

Don't miss, exploit, Hot stuff, Juniper Networks, Junos OS, News, PoC, security update, vulnerability, WatchTowr /

PoC for no-auth RCE on Juniper firewalls released 28/08/2023 at 13:32 By Zeljka Zorz Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Junos OS vulnerabilities and fixes Earlier this month,

React to this headline:

Loading spinner

PoC for no-auth RCE on Juniper firewalls released Read More »

Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831)

0-day, cybercrime, Don't miss, Group-IB, Hot stuff, News, security update, Windows, WinRAR /

Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831) 23/08/2023 at 18:46 By Zeljka Zorz Financially-motivated attackers have exploited a zero-day vulnerability in WinRAR (CVE-2023-38831) to trick traders into installing malware that would allow them to steal money from broker accounts. “This vulnerability has been exploited since April 2023,” says Group-IB malware

React to this headline:

Loading spinner

Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831) Read More »

Ivanti Sentry zero-day vulnerability fixed, patch ASAP! (CVE-2023-38035)

0-day, enterprise, gateway, Ivanti, Mnemonic, News, security update /

Ivanti Sentry zero-day vulnerability fixed, patch ASAP! (CVE-2023-38035) 22/08/2023 at 13:48 By Zeljka Zorz Ivanti is urging administrators of Ivanti Sentry (formerly MobileIron Sentry) gateways to patch a newly discovered vulnerability (CVE-2023-38035) that could be exploited to change configuration, run system commands, or write files onto the vulnerable system. “As of now, we are only

React to this headline:

Loading spinner

Ivanti Sentry zero-day vulnerability fixed, patch ASAP! (CVE-2023-38035) Read More »

Juniper Networks fixes flaws leading to RCE in firewalls and switches

Don't miss, firewall, Hot stuff, Juniper Networks, News, security update, vulnerability /

Juniper Networks fixes flaws leading to RCE in firewalls and switches 22/08/2023 at 11:46 By Helga Labus Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company’s SRX firewalls and EX switches. The fixed Junos OS

React to this headline:

Loading spinner

Juniper Networks fixes flaws leading to RCE in firewalls and switches Read More »

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)

Don't miss, Hot stuff, News, security update, Trend Micro, vulnerability, Windows, WinRAR /

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) 21/08/2023 at 14:47 By Helga Labus RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP, CAB, ARJ, LZH, TAR, GZip,

React to this headline:

Loading spinner

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) Read More »

Scroll to Top