Apple has released security updates to address multiple vulnerabilities across multiple products. The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code, gain access or gain elevated privileges on the affected systems by persuading a victim to visit a specially crafted web site. Sample of the addressed vulnerabilities: 1. Apple macOS […]
Apple Security Updates – 22 June 2023 Read More »
Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to perform a cross-site scripting attack by persuading a user of an affected interface to click a crafted link or bypass security restrictions on Cisco Duo caused by the incorrect handling of responses from Cisco Duo
Cisco Security Updates – 22 June 2023 Read More »
Juniper has released security updates to fix a vulnerability across Junos OS and Junos OS Evolved. The addressed vulnerability could allow the remote attacker to cause a denial of service attack on the affected products by sending a BGP update containing a specific, optional transitive attribute. Juniper Networks Junos OS and Junos OS Evolved Denial
Juniper Security Updates – 22 June 2023 Read More »
Ivanti has released security update to address a vulnerability in Ivanti Endpoint Manager (EPM). The addressed vulnerability could allow the unauthenticated attacker to execute arbitrary code on Ivanti EPM 2022 SU3 and all previous versions to escalate privileges on the affected machine or to be used as a stepping stone to get to other network
Ivanti Security Update – 22 June 2023 Read More »
MOVEit Transfer has released a security update to address a critical vulnerability. The addressed vulnerability could allow the remote attacker to submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content. The addressed vulnerability: Progress MOVEit Transfer SQL Injection Vulnerability (CVE-2023-35708): CVSS: 9.8 Attack
MOVEit Transfer Security Update – 20 June 2023 Read More »
Fortinet has released a security update to fix several vulnerabilities in multiple versions of FortiOS and FortiProxy. The addressed vulnerabilities could allow the attacker to cause a denial of service attack by sending a specially crafted request to the affected products. Sample of the addressed vulnerabilities: Fortinet FortiOS and FortiProxy Denial of Service (CVE-2023-33306): CVSS:
Fortinet Security Update – 18 June 2023 Read More »
Palo Alto has released security updates to fix several vulnerabilities in PAN-OS and GlobalProtect App. The addressed vulnerabilities could allow the attacker to execute a JavaScript payload in the context of an authenticated Captive Portal user’s browser or gain elevated privileges on the affected system. The addressed vulnerabilities: 1. GlobalProtect App: Local Privilege Escalation Vulnerability
Palo Alto Security Updates – 15 June 2023 Read More »
VMware has released a security update to fix a vulnerability in VMware Tools. The addressed vulnerability could allow the attacker to bypass security restrictions and obtain access to the guest virtual machine of the affected versions. the addressed vulnerability: VMware Tools Security Bypass Vulnerability (CVE-2023-20867): CVSS: 3.9 Attack Vector: Local Attack Complexity: High Privileges Required:
VMware Security Update -14 June 2023 Read More »
Zoom has released security updates to address several vulnerabilities in Windows, MacOS, and Linux. The addressed vulnerabilities could allow the attacker to cause a denial of service, gain privileges, bypass security restrictions, obtain information, and perform cross-site scripting on the affected systems. Sample of the addressed vulnerabilities: 1. Zoom for Windows, Zoom Rooms for Windows,
Zoom Security Updates – 14 June 2023 Read More »
Citrix has released security updates to address several vulnerabilities in CVAD, Citrix DaaS, and ShareFile StorageZones Controller. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, and obtain administrative access by sending a specially crafted request to the affected system. The addressed vulnerabilities: 1. ShareFile StorageZones Controller Vulnerability (CVE-2023-24489): CVSS: 9.1 Attack
Citrix Security Updates – 14 June 2023 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. Microsoft has fixed (78) vulnerabilities, with (6) classified as critical as they could allow the attacker to perform denial of service attacks, remote code execution, and privilege elevation on the affected products. June’s Patch Tuesday was released to fix security flaws in
Microsoft June 2023 Patch Tuesday Read More »
Google has released an updated Chrome version (114.0.5735.133/134) for Windows and (114.0.5735.133) for Mac and Linux to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, cause the application to crash, or execute arbitrary code on the affected system by persuading the victim to visit a specially crafted website. Sample
Google Chrome Security Update – 14 June 2023 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (5) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP Knowledge Warehouse, SAP UI5 Variant Management, SAP Plant Connectivity, SAPUI5, SAP S/4HANA, SAP NetWeaver (Design
SAP June 2023 Security Patch Day Read More »
Fortinet has released security updates to fix several vulnerabilities in multiple Fortinet products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, cause a denial of service attack, obtain sensitive information, execute arbitrary code, and gain access to the affected products by sending specially crafted requests. Sample of the addressed vulnerabilities: 1. Fortinet
Fortinet Security Updates – 13 June 2023 Read More »
Fortinet has released a security update to fix a critical SSL-VPN RCE vulnerability in multiple FortiOS firmware versions. The addressed vulnerability could allow the attacker to execute arbitrary code, and gain access by sending a specially crafted request to the affected products. The addressed vulnerability: Fortinet FortiGate and FortiOS Code Execution (CVE-2023-27997): CVSS: 9.8 Attack
Fortinet Security Update – 12 June 2023 Read More »
Stealth Soldier is a newly developed and tailored malware that has been strategically deployed in recent espionage campaigns specifically focused on North Africa. Stealth Soldier is a customized malware used in targeted attacks, enabling surveillance operations with features such as keystroke logging, screenshot capturing, and microphone recording. The Tactics and Techniques of Stealth Soldier Malware:
Stealth Soldier Malware – 12 June 2023 Read More »
Cisco released security updates to address several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, gain access, escalate privileges, cause a denial of service, or perform cross-site scripting on the affected products. Sample of the addressed vulnerabilities: 1. Cisco Expressway Series and Cisco TelePresence VCS Privilege Escalation
Cisco Security Updates – 08 June 2023 Read More »
VMware has released a security update to fix multiple vulnerabilities across Aria Operations for Networks (Formerly vRealize Network Insight). The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Aria Operations for Networks Command Injection (CVE-2023-20887): CVSS:
VMware Security Update – 07 June 2023 Read More »
Trend Micro has released security updates to address multiple vulnerabilities in Apex One, and Apex One as a Service. The addressed vulnerabilities could allow the attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on the affected products. The attacker must be able to execute low-privileged code on the
Trend Micro Security Updates – 07 June 2023 Read More »
Mozilla has released an updated Firefox version 114 and Firefox ESR version 102.12 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to cause a denial of service attack, bypass security restrictions, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Mozilla Firefox Safety
Mozilla FireFox Security Updates – 07 June 2023 Read More »
