Alerts

Aruba has released security updates to fix several vulnerabilities in multiple versions of Aruba Networks ArubaOS. The addressed vulnerabilities could allow the attacker to execute arbitrary commands, directory traversal, obtain sensitive information, cause a cross-site scripting attack, or gain access to the affected software versions. Sample of the addressed vulnerabilities: 1. Aruba Networks ArubaOS Cross-Site […]

Akira ransomware operation has increased its activity recently and first emerged in April 2023 targeting finance, education, real estate, manufacturing, and consulting sectors organizations around the world. Akira is based on the source code of Conti ransomware. Akira is a ransomware written in C++ that encrypts local files. Encrypted files have the extension “.akira” appended

Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to perform a cross-site scripting attack, gain elevated privileges, obtain sensitive information by reading or modifying the traffic transmitted between the sites, or gain access to the affected products. Sample of the addressed vulnerabilities: 1. Cisco

Mozilla has released an updated Firefox version 115, and Firefox ESR version 102.13 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, conduct a spoofing attack, bypass security restrictions, or execute arbitrary code by sending a specially crafted request to the affected system. Sample of the addressed vulnerabilities: Mozilla

Google has released an updated Chrome version (114.0.5735.198/199) for Windows and (114.0.5735.198) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, cause the application to crash, or execute arbitrary code on the affected system by persuading the victim to visit a specially crafted website. Sample

Security researchers have discovered an unpatched vulnerability in Microsoft Teams that could allow remote attackers to send malware to unsuspecting employees. Microsoft Teams’ default configuration allows users from outside (external tenants) of their organization to reach out to their staff members. The application doesn’t allow external tenants from sending files. However, security researchers discovered an

Apache has released security updates to address a vulnerability in multiple Apache Tomcat versions. The addressed vulnerability could allow the remote attacker to obtain sensitive information by sending a specially crafted HTTP request to the affected versions. Apache Tomcat Information Disclosure (CVE-2023-34981): CVSS: 7.5 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction:

VMware has released security updates to fix multiple vulnerabilities in VMware vCenter Server and Cloud Foundation. The addressed vulnerabilities could allow the attacker to execute arbitrary code, cause memory corruption, a denial of services attack, or an out-of-bound write/read on the affected system. Sample of the addressed vulnerabilities: 1. VMware vCenter Server heap-overflow Vulnerability (CVE-2023-20892):

Apple has released security updates to address multiple vulnerabilities across multiple products. The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code, gain access or gain elevated privileges on the affected systems by persuading a victim to visit a specially crafted web site. Sample of the addressed vulnerabilities: 1. Apple macOS

Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to perform a cross-site scripting attack by persuading a user of an affected interface to click a crafted link or bypass security restrictions on Cisco Duo caused by the incorrect handling of responses from Cisco Duo

Juniper has released security updates to fix a vulnerability across Junos OS and Junos OS Evolved. The addressed vulnerability could allow the remote attacker to cause a denial of service attack on the affected products by sending a BGP update containing a specific, optional transitive attribute. Juniper Networks Junos OS and Junos OS Evolved Denial

Fortinet has released a security update to fix several vulnerabilities in multiple versions of FortiOS and FortiProxy. The addressed vulnerabilities could allow the attacker to cause a denial of service attack by sending a specially crafted request to the affected products. Sample of the addressed vulnerabilities: Fortinet FortiOS and FortiProxy Denial of Service (CVE-2023-33306): CVSS:

Palo Alto has released security updates to fix several vulnerabilities in PAN-OS and GlobalProtect App. The addressed vulnerabilities could allow the attacker to execute a JavaScript payload in the context of an authenticated Captive Portal user’s browser or gain elevated privileges on the affected system. The addressed vulnerabilities: 1. GlobalProtect App: Local Privilege Escalation Vulnerability

VMware has released a security update to fix a vulnerability in VMware Tools. The addressed vulnerability could allow the attacker to bypass security restrictions and obtain access to the guest virtual machine of the affected versions. the addressed vulnerability: VMware Tools Security Bypass Vulnerability (CVE-2023-20867): CVSS: 3.9 Attack Vector: Local Attack Complexity: High Privileges Required:

Zoom has released security updates to address several vulnerabilities in Windows, MacOS, and Linux. The addressed vulnerabilities could allow the attacker to cause a denial of service, gain privileges, bypass security restrictions, obtain information, and perform cross-site scripting on the affected systems. Sample of the addressed vulnerabilities: 1. Zoom for Windows, Zoom Rooms for Windows,