Alerts

Zoom has released security updates to fix vulnerabilities in Zoom Rooms, Zoom Windows Client, and Zoom Client SDK. The addressed vulnerabilities could allow the attacker to escalate privileges, or disclose information on the affected systems. Sample of the addressed vulnerabilities: 1. Zoom Rooms Improper Input Validation (CVE-2023-36538): CVSS: 8.4 Attack Vector: Local Attack Complexity: Low

Apple has released a security update to fix a zero-day vulnerability affecting macOS Ventura, and Safari. The addressed vulnerability could allow the remote attacker to gain access, and execute arbitrary code on the affected system by persuading the victim to visit a specially crafted website. The addressed vulnerability: Apple iOS, iPadOS, and macOS Ventura Code

IBM has released security updates to fix multiple vulnerabilities in IBM Db2 versions (10.5.0.11, 11.1.4.7, 11.5.x), and IBM Db2 JDBC drivers. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service attack on the affected product. Sample of the addressed vulnerabilities: 1. IBM Db2 Denial of Service

Aruba has released security updates to fix several vulnerabilities in multiple versions of Aruba Networks ArubaOS. The addressed vulnerabilities could allow the attacker to execute arbitrary commands, directory traversal, obtain sensitive information, cause a cross-site scripting attack, or gain access to the affected software versions. Sample of the addressed vulnerabilities: 1. Aruba Networks ArubaOS Cross-Site

Akira ransomware operation has increased its activity recently and first emerged in April 2023 targeting finance, education, real estate, manufacturing, and consulting sectors organizations around the world. Akira is based on the source code of Conti ransomware. Akira is a ransomware written in C++ that encrypts local files. Encrypted files have the extension “.akira” appended

Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to perform a cross-site scripting attack, gain elevated privileges, obtain sensitive information by reading or modifying the traffic transmitted between the sites, or gain access to the affected products. Sample of the addressed vulnerabilities: 1. Cisco

Mozilla has released an updated Firefox version 115, and Firefox ESR version 102.13 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, conduct a spoofing attack, bypass security restrictions, or execute arbitrary code by sending a specially crafted request to the affected system. Sample of the addressed vulnerabilities: Mozilla

Google has released an updated Chrome version (114.0.5735.198/199) for Windows and (114.0.5735.198) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, cause the application to crash, or execute arbitrary code on the affected system by persuading the victim to visit a specially crafted website. Sample

Security researchers have discovered an unpatched vulnerability in Microsoft Teams that could allow remote attackers to send malware to unsuspecting employees. Microsoft Teams’ default configuration allows users from outside (external tenants) of their organization to reach out to their staff members. The application doesn’t allow external tenants from sending files. However, security researchers discovered an

Apache has released security updates to address a vulnerability in multiple Apache Tomcat versions. The addressed vulnerability could allow the remote attacker to obtain sensitive information by sending a specially crafted HTTP request to the affected versions. Apache Tomcat Information Disclosure (CVE-2023-34981): CVSS: 7.5 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction:

VMware has released security updates to fix multiple vulnerabilities in VMware vCenter Server and Cloud Foundation. The addressed vulnerabilities could allow the attacker to execute arbitrary code, cause memory corruption, a denial of services attack, or an out-of-bound write/read on the affected system. Sample of the addressed vulnerabilities: 1. VMware vCenter Server heap-overflow Vulnerability (CVE-2023-20892):

Apple has released security updates to address multiple vulnerabilities across multiple products. The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code, gain access or gain elevated privileges on the affected systems by persuading a victim to visit a specially crafted web site. Sample of the addressed vulnerabilities: 1. Apple macOS

Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to perform a cross-site scripting attack by persuading a user of an affected interface to click a crafted link or bypass security restrictions on Cisco Duo caused by the incorrect handling of responses from Cisco Duo

Juniper has released security updates to fix a vulnerability across Junos OS and Junos OS Evolved. The addressed vulnerability could allow the remote attacker to cause a denial of service attack on the affected products by sending a BGP update containing a specific, optional transitive attribute. Juniper Networks Junos OS and Junos OS Evolved Denial