Drupal has released a security update to fix a vulnerability in the Drupal Two-factor Authentication module versions before tfa 8.x-1.1. The addressed vulnerability could allow the remote attacker to bypass access restrictions to reset the password by sending a specially crafted request to the affected products. Two-factor Authentication Module for Drupal Security Bypass Vulnerability (SACONTRIB- […]
Drupal Security Update – 13 July 2023 Read More »
Cisco has released a security update to fix a critical vulnerability in Cisco SD-WAN vManage software. The addressed vulnerability could allow the remote attacker to gain access, gain read permissions, or limited write permissions to the configuration, or obtain sensitive information from the affected Cisco SD-WAN vManage instance by sending a crafted API request. Cisco
Cisco Security Update – 13 July 2023 Read More »
SonicWall has released security updates to fix multiple vulnerabilities affecting multiple SonicWall products. The addressed vulnerabilities could allow the attacker to bypass authentication, directory traversal, or disclose information on the affected systems. Sample of the addressed vulnerabilities: 1. Password Hash Read via Web Service (CVE-2023-34134): CVSS: 9.8 Attack Vector: Network Attack Complexity: High Privileges Required:
SonicWall Security Updates – 13 July 2023 Read More »
Citrix has released security updates to address several vulnerabilities in Citrix Secure Access Client. The addressed vulnerabilities could allow the attacker to execute arbitrary code or gain elevated privileges on the affected systems. The addressed vulnerabilities: 1. Citrix Secure Access Client for Ubuntu Code Execution (CVE-2023-24492): CVSS: 9.6 Attack Vector: Network Attack Complexity: Low Privileges
Citrix Security Updates – 12 July 2023 Read More »
Zoom has released security updates to fix vulnerabilities in Zoom Rooms, Zoom Windows Client, and Zoom Client SDK. The addressed vulnerabilities could allow the attacker to escalate privileges, or disclose information on the affected systems. Sample of the addressed vulnerabilities: 1. Zoom Rooms Improper Input Validation (CVE-2023-36538): CVSS: 8.4 Attack Vector: Local Attack Complexity: Low
Zoom Security Updates – 12 July 2023 Read More »
Fortinet has released security updates to fix several vulnerabilities in multiple Fortinet products. The addressed vulnerabilities could allow the attacker to overflow a buffer, execute arbitrary code, directory traversal, obtain sensitive information, and gain access to the affected products by sending specially crafted requests. Sample of the addressed vulnerabilities: Fortinet FortiOS and Fortinet FortiProxy Buffer
Fortinet Security Updates – 12 July 2023 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed six actively exploited zero-day vulnerabilities. Microsoft has fixed (132) vulnerabilities, with (9) classified as critical as they could allow the attacker to perform remote code execution on the affected products. July’s Patch Tuesday was released to fix security
Microsoft July 2023 Patch Tuesday Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (2) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP Business Client, SAP ECC and SAP S/4HANA (IS-OIL), SAP NetWeaver, SAP Web Dispatcher, SAP UI5
SAP July 2023 Security Patch Day Read More »
Apple has released a security update to fix a zero-day vulnerability affecting macOS Ventura, and Safari. The addressed vulnerability could allow the remote attacker to gain access, and execute arbitrary code on the affected system by persuading the victim to visit a specially crafted website. The addressed vulnerability: Apple iOS, iPadOS, and macOS Ventura Code
Apple Security Update – 11 July 2023 Read More »
IBM has released security updates to fix multiple vulnerabilities in IBM Db2 versions (10.5.0.11, 11.1.4.7, 11.5.x), and IBM Db2 JDBC drivers. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service attack on the affected product. Sample of the addressed vulnerabilities: 1. IBM Db2 Denial of Service
IBM Security Updates – 09 July 2023 Read More »
Aruba has released security updates to fix several vulnerabilities in multiple versions of Aruba Networks ArubaOS. The addressed vulnerabilities could allow the attacker to execute arbitrary commands, directory traversal, obtain sensitive information, cause a cross-site scripting attack, or gain access to the affected software versions. Sample of the addressed vulnerabilities: 1. Aruba Networks ArubaOS Cross-Site
Aruba Security Updates – 09 July 2023 Read More »
MOVEit Transfer has released a security update to address multiple vulnerabilities in multiple versions of Progress MOVEit Transfer. The addressed vulnerabilities could allow the remote attacker to cause a denial of service, or SQL injection attacks to view, add, modify, or delete information in the back-end database on the affected system. Sample of the addressed
MOVEit Transfer Security Update – 08 July 2023 Read More »
Akira ransomware operation has increased its activity recently and first emerged in April 2023 targeting finance, education, real estate, manufacturing, and consulting sectors organizations around the world. Akira is based on the source code of Conti ransomware. Akira is a ransomware written in C++ that encrypts local files. Encrypted files have the extension “.akira” appended
Akira Ransomware – 06 July 2023 Read More »
Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to perform a cross-site scripting attack, gain elevated privileges, obtain sensitive information by reading or modifying the traffic transmitted between the sites, or gain access to the affected products. Sample of the addressed vulnerabilities: 1. Cisco
Cisco Security Updates – 06 July 2023 Read More »
Mozilla has released an updated Firefox version 115, and Firefox ESR version 102.13 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, conduct a spoofing attack, bypass security restrictions, or execute arbitrary code by sending a specially crafted request to the affected system. Sample of the addressed vulnerabilities: Mozilla
Mozilla FireFox Security Updates – 05 July 2023 Read More »
Google has released an updated Chrome version (114.0.5735.198/199) for Windows and (114.0.5735.198) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, cause the application to crash, or execute arbitrary code on the affected system by persuading the victim to visit a specially crafted website. Sample
Google Chrome Security Update – 27 June 2023 Read More »
Security researchers have discovered an unpatched vulnerability in Microsoft Teams that could allow remote attackers to send malware to unsuspecting employees. Microsoft Teams’ default configuration allows users from outside (external tenants) of their organization to reach out to their staff members. The application doesn’t allow external tenants from sending files. However, security researchers discovered an
Microsoft Teams IDOR Vulnerability – 25 June 2023 Read More »
Fortinet has released security updates to fix two vulnerabilities in FortiNAC affecting multiple versions. The addressed critical vulnerability could allow the remote attacker to execute unauthorized code or commands via specifically crafted requests to the TCP/1050 service. Sample of the addressed vulnerabilities: FortiNAC – Java Untrusted Object Deserialization RCE (CVE-2023-33299): CVSS: 9.6 Attack Vector: Network
Fortinet Security Updates – 23 June 2023 Read More »
Apache has released security updates to address a vulnerability in multiple Apache Tomcat versions. The addressed vulnerability could allow the remote attacker to obtain sensitive information by sending a specially crafted HTTP request to the affected versions. Apache Tomcat Information Disclosure (CVE-2023-34981): CVSS: 7.5 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction:
Apache Security Updates – 22 June 2023 Read More »
VMware has released security updates to fix multiple vulnerabilities in VMware vCenter Server and Cloud Foundation. The addressed vulnerabilities could allow the attacker to execute arbitrary code, cause memory corruption, a denial of services attack, or an out-of-bound write/read on the affected system. Sample of the addressed vulnerabilities: 1. VMware vCenter Server heap-overflow Vulnerability (CVE-2023-20892):
VMware Security Updates – 22 June 2023 Read More »
