Alerts

VMware has released security updates to fix multiple vulnerabilities across multiple Vmware products. The addressed vulnerabilities could allow the remote attacker to perform cross-site scripting attacks, or disclose sensitive information from the affected products using a specially crafted URL to redirect the victim to the attacker-controlled domain. Sample of the addressed vulnerabilities: VMware Insecure Redirect

Google has released an updated Chrome version (114.0.5735.90/91) for Windows and (114.0.5735.90) for Linux and Mac to fix multiple vulnerabilities. Write here analysis sectionThe addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code on the system, or bypass security restrictions by persuading the victim to visit a specially crafted webpage. Sample

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. The addressed vulnerabilities could allow the attacker to obtain sensitive information, execute arbitrary code and gain access to the affected versions by persuading the victim to open a specially-crafted file. Sample of the addressed vulnerabilities: Adobe Acrobat Reader DC Code Execution

Apache has released a security update to address a vulnerability in Apache Tomcat. The addressed vulnerability could allow the remote attacker to cause a denial of service by sending a specially crafted request using query string parameters. Apache Tomcat Denial of Service Vulnerability (CVE-2023-28709): CVSS: 7.5 Attack Vector: Network Attack Complexity: Low Privileges Required: None

Anonymous Sudan is a group known for their hacktivist activities targeting many sectors across the world such as government, banking, and medicine. Anonymous Sudan is mostly involved in DDoS attacks and rarely in other types of attacks against major countries such as Sweden, Germany, France, and the United Arab Emirates. Recently, the threat group made

Apple has released security updates to address multiple vulnerabilities across macOS Ventura, macOS Monterey, macOS Big Sur, and Safari. The mentioned updates contain fixes for three zero-day vulnerabilities. The addressed vulnerabilities could allow the attacker to gain access, escalate privileges, bypass security restrictions, obtain information, or execute arbitrary code on the affected systems. Sample of

Google has released an updated Chrome version (113.0.5672.126/.127) for Windows and (113.0.5672.126) for Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, cause the application to crash, or execute arbitrary code on the affected system by persuading the victim to visit a specially crafted website. Sample of the

VMware has released a security update to fix multiple vulnerabilities across VMware Aria Operations (formerly vRealize Operations) and VMware Cloud Foundation. addressed vulnerabilities could allow the authenticated attacker to gain elevated privileges on the affected system by sending a specially crafted request. Sample of the addressed vulnerabilities: VMware Aria Operations Privilege Escalation (CVE-2023-20877): CVSS: 8.8

Palo Alto has released security updates addressing vulnerabilities in multiple products. The addressed vulnerabilities could allow the attacker to store a JavaScript payload in the web interface or export local files from the firewall through a race condition. The addressed vulnerabilities: 1. Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama WebInterface (CVE-2023-0007): CVSS: 6.5 Attack

Intel has released security updates to fix several vulnerabilities in multiple products. addressed vulnerabilities could allow the attacker to escalate privileges, obtain sensitive information, or cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1- Intel i915 Graphics Drivers for Linux Privilege Escalation (CVE-2023-28410): CVSS: 8.8 Attack Vector: Local

Citrix has released security updates to address several vulnerabilities in Citrix ADC and Citrix Gateway. The addressed vulnerabilities could allow the remote attacker to gain unauthorized access to the system, or perform a cross-site scripting attack to steal the victim’s cookie-based authentication credentials. The addressed vulnerabilities: 1. Citrix ADC and Gateway Unauthorized Access (CVE-2023-24487): CVSS: 6.3

Mozilla has released security updates to fix vulnerabilities in Firefox 113, and Firefox ESR 102.11 The addressed vulnerabilities could allow the remote attacker to gain access, obtain sensitive information, conduct a spoofing attack, bypass security restrictions, execute arbitrary code, or cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities:

Microsoft has released an updated Edge version (113.0.1774.35) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to conduct spoofing attacks, bypass security restrictions, or gain Privileges on the affected systems by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Microsoft Edge (Chromium-based) Privilege Escalation (CVE-2023-29350):