Alerts Archives - Page 40 of 47

Raccoon Stealer Malware 18 January 2023

Raccoon is a Trojan malware written in C/C++ that steals information and cryptocurrency from infected users. It is being used as Malware-as-a-service (MaaS) on underground forums by Ukrainian-speaking sellers. Raccoon enables threat actors to steal sensitive information, including credit card details, home addresses, phone numbers, email accounts, and login credentials from infected systems. The Tactics and Techniques of Raccoon […]

Raccoon Stealer Malware 18 January 2023 Read More »

Oracle Security Patch Updates January 2023

Alerts, Announcements

Oracle released its critical patch updates for January 2023, containing (327) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. This critical patch update provides security updates to fix several vulnerabilities that may be remotely exploitable without authentication in a wide range of product families,

Oracle Security Patch Updates January 2023 Read More »

Apache Server Security Update 18 January 2023

Alerts

Apache has released a security update to fix multiple vulnerabilities in Apache HTTP Server. Apache HTTP Server version 2.4.54 and earlier is vulnerable to several attacks such as HTTP request smuggling, HTTP response splitting, and denial of service attacks. The severity of the mentioned vulnerabilities could allow the attacker to gain access to the affected systems and cause a

Apache Server Security Update 18 January 2023 Read More »

ManageEngine Security Update 17 January 2023

Alerts, Announcements

ManageEngine has released a security update to address a critical vulnerability affecting multiple products. The severity of the addressed vulnerability could allow the remote attacker to execute arbitrary code on the system by sending a specially-crafted request. It should be highlighted that the admins of ManageEngine were warned about a proof-of-concept (POC) that has been created to exploit

ManageEngine Security Update 17 January 2023 Read More »

Microsoft Edge Security Update 15 January 2023

Alerts

Microsoft has released an updated Microsoft Edge Stable version (109.0.1518.49) to fix multiple vulnerabilities in Microsoft Edge (Chromium-based). The addressed vulnerabilities could allow the remote attacker to gain elevated privileges or execute arbitrary code on the affected system by persuading the victim to visit a specially-crafted webpage. Sample of the addressed vulnerabilities: 1. Chromium Remote Code Execution Vulnerability

Microsoft Edge Security Update 15 January 2023 Read More »

Cisco Security Updates 12 January 2023

Alerts, Announcements

Cisco has released security updates to address several vulnerabilities in multiple Cisco products. The released security updates fix several vulnerabilities affecting multiple Cisco products such as RV016, RV042, RV042G, and RV082 Routers, IP Phone 7800 and 8800 Series, Industrial Network Director (IND), and Cisco Webex Room Phone. The addressed vulnerabilities could allow the attacker to send a specially

Cisco Security Updates 12 January 2023 Read More »

Juniper Networks Security Updates 12 January 2023

Alerts

Juniper Networks has released security updates to address several vulnerabilities affecting multiple products. Juniper Networks Junos OS and Junos OS Evolved are vulnerable to a denial of service. The remote attacker could exploit some of these vulnerabilities to crash the application by sending a specially-crafted request. Sample of the addressed vulnerabilities: Juniper Networks Junos OS and Junos

Juniper Networks Security Updates 12 January 2023 Read More »

Vidar Stealer Malware 12 January 2023

Alerts

Vidar is a trojan malware based on a project called Arkei written in the C++ programming language that steals information and cryptocurrency from infected users. It is being used as malware-as-a-service on underground forums by Russianspeaking sellers. The Vidar stealer enables the threat actors to collect a wide range of information from compromised systems including Web browser cookies, history,

Vidar Stealer Malware 12 January 2023 Read More »

Adobe Security Updates 11 January 2023

Alerts

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service on the affected system. Sample of the addressed vulnerabilities: 1. Adobe Acrobat and Adobe Reader

Adobe Security Updates 11 January 2023 Read More »

Google Chrome Security Update 11 January 2023

Alerts

Google has released an updated Chrome version (109.0.5414.74/.75) for Windows, (109.0.5414.74) for Linux, and (109.0.5414.87) for Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, or cause a denial of service on the vulnerable system, by persuading the victim to visit a specially crafted webpage. Sample of the

Google Chrome Security Update 11 January 2023 Read More »

Microsoft January 2023 Patch Tuesday

Alerts, Announcements

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains a fix for an actively exploited zero-day vulnerability. Microsoft has fixed (98) vulnerabilities, with (11) classified as critical as they allow remote code execution, bypass security features, or elevation of privileges. January’s Patch Tuesday was released to fix security flaws in

Microsoft January 2023 Patch Tuesday Read More »

SAP January 2023 Security Patch Day

Alerts, Announcements

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (3) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP BPC MS 10.0, SAP BusinessObjects Business Intelligence platform, SAP NetWeaver Process Integration, SAP NetWeaver AS for Java, SAP NetWeaver

SAP January 2023 Security Patch Day Read More »

Zoom Security Updates 09 January 2023

Alerts

Zoom has released security updates to fix vulnerabilities in multiple products. the addressed vulnerabilities could allow the locally authenticated attacker to gain elevated privileges, bypass security restrictions, or traverse directories on the system. Samples of the addressed vulnerabilities: 1. Zoom Rooms for macOS Privilege Escalation (CVE-2022-36926): • CVSS: 8.8 • Attack Vector: Local • Attack Complexity: Low

Zoom Security Updates 09 January 2023 Read More »

Fortinet Security Updates 04 January 2023

Alerts

Fortinet has released security updates to address multiple vulnerabilities across multiple products. The severity of the addressed vulnerabilities could allow the attacker to gain access, and execute or inject arbitrary code in the management interface or commands via specifically crafted HTTP requests on the affected products. Sample of the addressed vulnerabilities: 1. FortiADC – Command Injection in Web

Fortinet Security Updates 04 January 2023 Read More »

Trend Micro Security Update 02 January 2023

Alerts

Trend Micro has released a security update to address a vulnerability affecting Trend Micro Maximum Security version 2022 (v17.7). The severity of the addressed vulnerability could allow the low-privileged attacker to write a malicious executable to a specific location and in the process of removal and restoral, the attacker could replace an original folder with a mount point

Trend Micro Security Update 02 January 2023 Read More »

Juniper Networks Security Update 25 November 2022

Alerts

Juniper Networks has released a security update to address a high-severity vulnerability affecting Junos OS 22.3R1 and Junos OS Evolved 22.3R1-EVO. The addressed vulnerability is caused by improper input validation in the Routing Protocol Daemon (rpd). The remote attacker could exploit this vulnerability by sending a specially-crafted BGP update message to cause a denial of service attack on the

Juniper Networks Security Update 25 November 2022 Read More »

Linux Kernel Security Update 25 December 2022

Alerts, Announcements

Linux kernel is affected by a critical issue in ksmbd before version 5.19.2. KSMBD is a Linux kernel server that implements SMB3 protocol in kernel space for sharing files over the network. The severity of the mentioned vulnerability could allow the remote attacker to execute code on the affected systems. Linux Kernel Ksmbd Use-After-Free Remote Code Execution

Linux Kernel Security Update 25 December 2022 Read More »

New Exploit Method for Microsoft Exchange “OWASSRF”

Alerts, Announcements

Referring to EG-FinCIRT report “Microsoft November 2022 Patch Tuesday” Number 257/2022, Threat actors and ransomware groups discovered a new exploit method that bypasses Microsoft Exchange “ProxyNotShell” mitigations. Threat actors leveraging a new exploit chain method called “OWASSRF” that bypasses blocking rules for “ProxyNotShell” (CVE-2022-41040 and CVE-2022-41082) vulnerabilities in Microsoft Exchange Server and taking advantage of the privilege escalation vulnerability

New Exploit Method for Microsoft Exchange “OWASSRF” Read More »

IBM Security Updates 20 December 2022

Alerts, Announcements

IBM has released security updates to fix third-party components vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform a Cross-Site Scripting attack, perform a Server-Side Request Forgery Attack (SSRF) attack, perform a Log Injection attack, execute arbitrary code and cause a denial of service attack on the affected products. Sample of

IBM Security Updates 20 December 2022 Read More »

Tenable Security Updates 19 December 2022

Alerts, Announcements

Tenable has released security updates to fix multiple vulnerabilities in Tenable’s third-party components (moment.js, handlebars). The severity of the addressed vulnerabilities could allow the remote attacker to gain access or cause a denial of service attack on the affected system. Samples of the addressed vulnerabilities: 1. Moment.js Directory Traversal (CVE-2022-24785): CVSS: 9.8 Attack Vector: Network Attack Complexity:

Tenable Security Updates 19 December 2022 Read More »

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.