Alerts

Intel has released security updates to address vulnerabilities in multiple products. The attackers could exploit some of these vulnerabilities to escalate privileges, disclose information or cause denial of service. The released security updates are to address multiple products such as Intel Data Center Manager, Intel Active Management Technology (AMT) and Intel Standard Manageability, Intel® Driver […]

Linux kernel has released security updates to address multiple vulnerabilities. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow the remote attacker to take control of the affected system, disclose information, gain write access to read-only memory mappings, increase their privileges on the

Adobe has released security updates to address vulnerabilities that affect Adobe Acrobat Reader products for Windows and macOS. The addressed vulnerabilities could allow the remote attacker to gain access and obtain information on the affected systems. Samples of the addressed vulnerabilities: Adobe Acrobat and Adobe Reader code execution (CVE-2022-35665): CVSS: 7.8 Attack Vector: Local Attack

Kaspersky has released a security update to address a high vulnerability that affects Kaspersky’s VPN secure connection. The attacker could exploit this vulnerability to take control of the affected systems. Kaspersky’s VPN secure connection 21.3.10.391(h) is vulnerable to a high-severity local privilege-escalation (LPE) vulnerability which would allow the attacker to gain administrative privileges and take

Red Hat, Ubuntu, and Debian released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the remote attacker to take control of the affected system, disclose information, escalate privileges and cause a denial of service. Sample of the addressed vulnerabilities: Git client Plugin man-in-the-middle (CVE-2022-36881): CVSS: 8.1 Attack Vector: Network Attack

F5 has released security patches for August 2022 to address several vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system, disclose information, escalate privileges and cause a denial of service. The addressed vulnerabilities could allow the remote authenticated attacker to take control of the

Cisco has released a security update to fix vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the attackers to perform several attacks like bypassing security restrictions, cross-site scripting, frame hijacking attack, obtaining sensitive information, denial

Atlassian Jira Server and Data Center could allow the remote authenticated attacker to execute arbitrary code on the system. The remote attacker could exploit the addressed vulnerability by using a specially crafted velocity template to execute arbitrary code on the system via template injection, leading to Remote Code Execution (RCE) in the email templates feature.

Fortinet has released security updates to address several vulnerabilities in multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow the attackers to perform several attacks like executing unauthorized code or commands, improper access control, and information disclosure on the affected system.

Google Chrome has released security updates for Windows versions (104.0.5112.79/80/81) and for Linux and Mac versions (104.0.5112.79). The remote attacker could exploit some of these vulnerabilities to take control of the affected system, obtain information and cause a denial of service. Samples of the addressed vulnerabilities: Google Chrome Safe Browsing code execution (CVE-2022-2604): CVSS: 8.8

Samba has released a security update to address multiple vulnerabilities in the software affecting several versions. The remote attacker could exploit this vulnerability to bypass security, obtain information, cause a denial of service and gain privileges on the system. All versions of Samba are affected by CVE-2022-3274, Samba 4.3, and later is affected by CVE-2022-32744.

IBM has released a security update to address a critical vulnerability affecting PowerVM VIOS 3.1. The remote attacker could exploit this vulnerability to tamper with system configuration or cause a denial of service. VIOS is part of the PowerVM® Editions hardware feature. The VIOS is software that is located in the logical partition. This software

Trend Micro has released the security update for spyware pattern for Trend Micro Apex One that resolves the agent link following local privilege escalation vulnerability related to the scanning function. The remote attacker could exploit this vulnerability to escalate privileges on the system. The addressed vulnerability could allow the authenticated attacker to gain elevated privileges

Drupal has released multiple security updates to address vulnerabilities affecting versions 9.4, 9.3, and 9.7. The remote attacker could exploit these vulnerabilities to take control and disclose information about the affected system. The highest severity for the addressed vulnerabilities could allow the remote attacker to execute arbitrary code within the context of the vulnerable application,

Mozilla has released security updates to address multiple vulnerabilities in Mozilla Firefox 103 and Firefox ESR 91.12 and ESR 102.1. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could be exploited remotely to allow the attackers to perform various attacks, like browser spoofing, information

HIVE is a ransomware family that has impacted Windows and Linux operating systems. It was originally written in Go Language but was rewritten in Rust in early 2022. It can encrypt both logical drives and remote network shares on execution. Hive new variant: The main difference between the new Hive variant and the old ones

Lockbit ransomware operation has released LockBit 3.0, which introduces bugbounty programs, and new tactics and techniques. LockBit is known to target the financial services sector heavily among other sectors. The authors of LockBit 3.0 have introduced new management features for affiliates and added Zcash for victim payments in addition to Monero and Bitcoin. Lockbit is