Citrix has released security updates for Citrix ADC and Citrix Gateway to fix multiple vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker could exploit these vulnerabilities to take over the administrator’s account, take control of the affected system or bypass the security. Sample of the addressed vulnerabilities: Citrix ADC and Citrix […]
Citrix Security Updates – 09 November 2022 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday, and with it comes fixes for six actively exploited zero-day vulnerabilities, with one being publicly disclosed.Microsoft has fixed (68) vulnerabilities, with (11) classified as Critical as they allow remote code execution, the elevation of privileges, or spoofing. November’s Patch Tuesday was released
Microsoft November 2022 Patch Tuesday Read More »
Fortinet has released security updates to address multiple vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code on the system or perform unintentional contact with remote servers by sending a specially-crafted input/configuration.
Fortinet Released Security Updates – 30 October 2022 Read More »
Google has released an emergency security update version (107.0.5304.87/.88) for Windows and (107.0.5304.87) for Mac and Linux to address a single vulnerability known to be exploited in attacks. The severity of the addressed vulnerability could allow the remote attacker to execute arbitrary code by persuading the victim to visit a specially crafted webpage on the affected system.
Google Chrome Zero-Day Patch – 28 October 2022 Read More »
Google has released updated Chrome versions 107.0.5304.62 for Mac, 107.0.5304.68 for Linux, and 107.0.5304.62/63 for Windows to fix multiple vulnerabilities. The remote attacker could exploit these vulnerabilities to take control of the affected system or cause a denial of service. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code
Google Chrome Security Update – 27 October 2022 Read More »
Tenable Nessus has released an updated version (Nessus 10.3.1) to fix multiple vulnerabilities in the third-party components (moment.js, expat, datatables, libxml2, zlib). The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service condition on the affected products by sending a specially-crafted request. Sample of the addressed
Tenable Nessus Security Updates – 27 October 2022 Read More »
Aruba has released security updates to fix vulnerabilities in multiple productsrelated to WLAN and SD-WAN. The severity of the addressed vulnerabilities could allow the unauthenticated remote attacker to execute arbitrary code, cause a denial of service, and obtain information. Samples of the addressed vulnerabilities: 1- Command Injection in the PAPI protocol (CVE-2022-37897): CVSS: 9.8 Attack
Aruba Security Updates – 27 October 2022 Read More »
VMware has released security updates to fix vulnerabilities in multiple products. The severity of the addressed vulnerabilities could allow the unauthenticated remote attacker to execute arbitrary code or obtain information on the affected products. Samples of the addressed vulnerabilities: 1- VMware XStream command execution (CVE-2021-39144): CVSS: 9.8 Attack Vector: Network Attack Complexity: Low Privileges Required:
VMware Security Updates – 26 October 2022 Read More »
Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.1, macOS Monterey 12.6.1, macOS Ventura 13, and Safari 16.1. The remote attacker could exploit these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the attackers to perform several attacks like bypassing security
Apple Security Updates – 26 October 2022 Read More »
F5 has released security updates for October 2022 to address several vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system, disclose information, escalate privileges and cause a denial of service. Samples of the addressed vulnerabilities: 1. F5 BIG-IP Advanced WAF and ASM iControl REST
F5 Security Updates – 20 October 2022 Read More »
Cisco has released security updates to fix vulnerabilities in multiple products. The severity of the addressed vulnerabilities could allow the remote attacker to take control of the affected system, and cause a denial of service. Sample of The Addressed Vulnerabilities: 1- Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability (CVE-2022-20933) CVSS:
Cisco Security Updates – 20 October 2022 Read More »
Oracle released its critical patch updates for October 2022, containing (370) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. This critical patch update provides security updates to fix several vulnerabilities that may be remotely exploitable without authentication in a wide range of
Oracle Security Patch Updates – October 2022 Read More »
Mozilla has released security updates to fix vulnerabilities in Firefox 106 and Firefox ESR 102.4. The remote attacker could exploit these vulnerabilities to take control of the affected system, bypass security restrictions and cause a denial of service. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the
Mozilla FireFox Security Updates -19 October 2022 Read More »
IBM has released security updates to fix several vulnerabilities across multiple products. The severity of the addressed vulnerabilities could allow the remote attacker to expose sensitive information or consume the memory resources of the affected system. Sample of the addressed vulnerabilities : IBM InfoSphere Information Server external entity injection (CVE-2022- 40747) CVSS: 8.2 Attack Vector:
IBM Security Updates -18 October 2022 Read More »
EG-FinCIRT has detected an Ongoing Phishing Campaign that started to target the Financial Sector in Egypt to deliver a new variant of Snake Keylogger Infostealer. Snake Keylogger is a modular .NET keylogger stealing sensitive information from a victim’s device, including saved credentials, the victim’s keystrokes, screenshots of the victim’s screen, and clipboard data. The malware
Ongoing Phishing Campaign -18 October 2022 Read More »
Linux has released security updates on multiple distributions. Linux Kernel 5.1 through 5.19.x before 5.19.16 is vulnerable to various remote code execution vulnerabilities, allowing the attacker to execute arbitrary code on the system and cause a denial of service. Sample of the addressed vulnerabilities: 1- Linux Kernel Code Execution (CVE-2022-42719): CVSS: 8 Attack Vector: Adjacent
Linux Security Updates – 16 October 2022 Read More »
Apache has released a security Update to address a critical vulnerability in Apache Commons. The remote attacker could exploit this vulnerability to take control of the affected system. Apache Commons Text is vulnerable to code execution caused by an insecure interpolation defaults flaw. The attacker could exploit this vulnerability by sending a specially-crafted input to execute arbitrary
Apache Security Update – 16 October 2022 Read More »
Aruba has released security updates for Aruba EdgeConnect Enterprise Orchestrator that address multiple critical security vulnerabilities. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow the remote attacker to elevate privileges to administrators without credentials and allow arbitrary command execution on the underlying host leading
Aruba Released Security Updates – 16 October 2022 Read More »
Juniper Networks has released multiple security updates to address many vulnerabilities affecting multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system, and cause a denial of service. The most severe of the addressed vulnerabilities could allow the remote authenticated attacker with ‘WRITE’ permissions to store one
Juniper Networks Security Updates – 13 October 2022 Read More »
Palo Alto has released a security update to address a vulnerability in Palo Alto Networks PAN-OS. The remote attacker could exploit this vulnerability to take control of the affected system. Palo Alto Networks PAN-OS is vulnerable to authentication bypass vulnerability in the PAN-OS 8.1 web interface that could allow the network-based attacker with specific knowledge
Palo Alto Security Updates – 13 October 2022 Read More »
