Alerts

ManageEngine has released security updates to address multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, manipulate data, or obtain information from the affected system. Sample of the addressed vulnerabilities: 1. ManageEngine ServiceDesk Plus MSP Security Bypass Vulnerability (CVE-2023-22964): • CVSS: 8.1 • Attack Vector: Network • Attack Complexity: High […]

Microsoft has released an updated Microsoft Edge stable version to fix multiple vulnerabilities in Microsoft Edge (Chromium-based). The severity of the addressed vulnerabilities could allow the remote attacker to bypass security restrictions or gain elevated privileges on the affected system. Sample of the addressed vulnerabilities: 1. Microsoft Edge Elevation of Privilege Vulnerability (CVE-2023-21795): • CVSS: 8.3 •

Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.3, macOS Monterey 12.6.3, macOS Ventura 13.2, and Safari 16.3. The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code on the affected system by mounting a maliciously crafted Samba network share or persuading a victim to open

Cisco has released security updates to address several vulnerabilities in multiple Cisco products. The released security updates fix several vulnerabilities affecting multiple Cisco products such as Cisco (Unified CM) and (Unified CM SME) and Email Security Appliance (ESA). The severity of the addressed vulnerability in the web-based management interface could allow the remote attacker to bypass security restrictions, conduct SQL

Mozilla has released security updates to fix vulnerabilities in Firefox 109 and Firefox ESR 102.7. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform spoofing attacks, bypass security restrictions, execute arbitrary code and gain access to the affected products. Successful exploitation of these vulnerabilities may result in a complete compromise of vulnerable systems. Sample of

Raccoon is a Trojan malware written in C/C++ that steals information and cryptocurrency from infected users. It is being used as Malware-as-a-service (MaaS) on underground forums by Ukrainian-speaking sellers. Raccoon enables threat actors to steal sensitive information, including credit card details, home addresses, phone numbers, email accounts, and login credentials from infected systems. The Tactics and Techniques of Raccoon

Apache has released a security update to fix multiple vulnerabilities in Apache HTTP Server. Apache HTTP Server version 2.4.54 and earlier is vulnerable to several attacks such as HTTP request smuggling, HTTP response splitting, and denial of service attacks. The severity of the mentioned vulnerabilities could allow the attacker to gain access to the affected systems and cause a

Microsoft has released an updated Microsoft Edge Stable version (109.0.1518.49) to fix multiple vulnerabilities in Microsoft Edge (Chromium-based). The addressed vulnerabilities could allow the remote attacker to gain elevated privileges or execute arbitrary code on the affected system by persuading the victim to visit a specially-crafted webpage. Sample of the addressed vulnerabilities: 1. Chromium Remote Code Execution Vulnerability

Juniper Networks has released security updates to address several vulnerabilities affecting multiple products. Juniper Networks Junos OS and Junos OS Evolved are vulnerable to a denial of service. The remote attacker could exploit some of these vulnerabilities to crash the application by sending a specially-crafted request. Sample of the addressed vulnerabilities: Juniper Networks Junos OS and Junos

Vidar is a trojan malware based on a project called Arkei written in the C++ programming language that steals information and cryptocurrency from infected users. It is being used as malware-as-a-service on underground forums by Russianspeaking sellers. The Vidar stealer enables the threat actors to collect a wide range of information from compromised systems including Web browser cookies, history,

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service on the affected system. Sample of the addressed vulnerabilities: 1. Adobe Acrobat and Adobe Reader

Google has released an updated Chrome version (109.0.5414.74/.75) for Windows, (109.0.5414.74) for Linux, and (109.0.5414.87) for Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, or cause a denial of service on the vulnerable system, by persuading the victim to visit a specially crafted webpage. Sample of the

Zoom has released security updates to fix vulnerabilities in multiple products. the addressed vulnerabilities could allow the locally authenticated attacker to gain elevated privileges, bypass security restrictions, or traverse directories on the system. Samples of the addressed vulnerabilities: 1. Zoom Rooms for macOS Privilege Escalation (CVE-2022-36926): • CVSS: 8.8 • Attack Vector: Local • Attack Complexity: Low

Fortinet has released security updates to address multiple vulnerabilities across multiple products. The severity of the addressed vulnerabilities could allow the attacker to gain access, and execute or inject arbitrary code in the management interface or commands via specifically crafted HTTP requests on the affected products. Sample of the addressed vulnerabilities: 1. FortiADC – Command Injection in Web