Alerts

VMware has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, obtain information and cause a denial of service attack on the affected products. Samples of the addressed vulnerabilities: 1- VMware ESXi memory corruption vulnerability (CVE-2022-31696): CVSS: 7.5 Attack Vector: Local Attack Complexity: High

DeathStalker targets Financial and legal entities in the Middle East with a new Janicab malware variant. Janicab was introduced as malware that runs on macOS and Windows operating systems. DeathStalker has leveraged several malware strains and delivery chains over the years, from the Python and Visual Basic-based Janicab to the PowerShell-based Powersing and the JavaScript-based Evilnum. The

Silence APT group targets financial institutions in several countries around the world through delivering TrueBot malware which leveraging of Netwrix Auditor critical RCE Bug and Raspberry Robin worm. TrueBot was first identified in 2017 as downloader malware, the main goal is to infect systems, collect information to help triage interesting targets, and deploy additional payloads. Security Researchers

Cisco has released a security update to fix a vulnerability in Cisco IP Phone 7800 and 8800 Series firmware. The addressed vulnerability could allow the unauthenticated attacker to exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to the affected device to cause a stack overflow, resulting in possible remote code execution or a denial

Zerobot is a Go-Based Malware that has been observed targeting devices like F5 Big-IP, Zyxel Firewalls, spring4Shell, and phpMyAdmin with almost two dozen vulnerability exploits. The Botnet’s objective is to add compromised devices to its pool to launch DDoS attacks and execute arbitrary commands.  The malware targets several system architecures including i386, AMD64, ARM, ARM64,

Aruba has released security updates to fix vulnerabilities in Aruba ClearPass Policy Manager versions (6.10.x: 6.10.7 and below) and (6.9.x: 6.9.12 and below). The severity of the addressed vulnerabilities could allow the remote attacker to obtain and modify sensitive information, conduct a stored cross-site scripting (XSS) attack, execute arbitrary code and cause a denial of

Fortinet has released security updates to address multiple vulnerabilities across multiple products.  The addressed vulnerabilities could allow the remote attacker to gain access, log manipulation, and retrieve files with specific extensions from the affected products. These security updates fix several vulnerabilities affecting multiple Fortinet products such as FortiADC, FortiProxy, FortiOS, FortiSOAR, FortiDeceptor, and FortiSandbox. Sample

 Zoom has released security updates to fix vulnerabilities in multiple products. The severity of the addressed vulnerabilities could allow the local attacker to execute arbitrary code or gain privileges. Samples of the addressed vulnerabilities: 1. DLL injection in Zoom Windows Clients (CVE-2022-28766): CVSS: 8.1 Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction:

Intel releases security updates to address several vulnerabilities in multiple Intel products.  The severity of the addressed vulnerabilities could allow the locally authenticated attacker to gain elevated privileges on the system by improper input validation in the BIOS firmware or improper access control.  Samples of the addressed vulnerabilities:  1. Intel Privilege Escalation (CVE-2022-26006):  • CVSS:

Microsoft has released an updated Microsoft Edge (Version 107.0.1418.42) to fix several vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the affected system by persuading the victim to visit a specially crafted webpage. Samples of the addressed vulnerabilities: 1. Chromium V8 Code Execution (CVE-2022-3889): CVSS: 8.8

Cisco has released security updates to address several vulnerabilities in multiple products. The released security updates fix several vulnerabilities affecting multiple Cisco products such as Cisco ASA Software, Cisco FTD Software, Cisco FMC Software, Cisco FirePOWER Software and Cisco Secure Firewalls 3100 Series. The severity of the addressed vulnerabilities could allow the remote attacker to

Trend Micro has released new patches to address several vulnerabilities in Trend Micro Apex One and Apex One as a Service. The released security updates resolve several vulnerabilities having severity ratings from medium to high. The attacker could exploit some of these vulnerabilities to obtain sensitive information or gain privileged access on the affected system.

Google has released an updated Chrome version (107.0.5304.110) for Mac and Linux and (107.0.5304.106/.107) for Windows, to fix several vulnerabilities, The remote attacker could exploit these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the affected system by persuading

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (2) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad), SAPUI5 CLIENT RUNTIME, SAP NetWeaver