Alerts

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains a fix for an actively exploited zero-day vulnerability. Microsoft has fixed (98) vulnerabilities, with (11) classified as critical as they allow remote code execution, bypass security features, or elevation of privileges. January’s Patch Tuesday was released to fix security flaws in […]

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (3) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP BPC MS 10.0, SAP BusinessObjects Business Intelligence platform, SAP NetWeaver Process Integration, SAP NetWeaver AS for Java, SAP NetWeaver

Linux kernel is affected by a critical issue in ksmbd before version 5.19.2. KSMBD is a Linux kernel server that implements SMB3 protocol in kernel space for sharing files over the network. The severity of the mentioned vulnerability could allow the remote attacker to execute code on the affected systems. Linux Kernel Ksmbd Use-After-Free Remote Code Execution

Referring to EG-FinCIRT report “Microsoft November 2022 Patch Tuesday” Number 257/2022, Threat actors and ransomware groups discovered a new exploit method that bypasses Microsoft Exchange “ProxyNotShell” mitigations. Threat actors leveraging a new exploit chain method called “OWASSRF” that bypasses blocking rules for “ProxyNotShell” (CVE-2022-41040 and CVE-2022-41082) vulnerabilities in Microsoft Exchange Server and taking advantage of the privilege escalation vulnerability

IBM has released security updates to fix third-party components vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform a Cross-Site Scripting attack, perform a Server-Side Request Forgery Attack (SSRF) attack, perform a Log Injection attack, execute arbitrary code and cause a denial of service attack on the affected products. Sample of

Tenable has released security updates to fix multiple vulnerabilities in Tenable’s third-party components (moment.js, handlebars). The severity of the addressed vulnerabilities could allow the remote attacker to gain access or cause a denial of service attack on the affected system. Samples of the addressed vulnerabilities: 1. Moment.js Directory Traversal (CVE-2022-24785): CVSS: 9.8 Attack Vector: Network Attack Complexity:

Tenable has released a security update to fix a vulnerability in Tenable.ad’s thirdparty component Erlang. The addressed vulnerability could allow the remote attacker to perform a client authentication bypass in certain client-certification situations for SSL, TLS, and DTLS via sending a specially-crafted request. The remote attacker could exploit this vulnerability to gain access to the affected system and bypass

Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.2, macOS Monterey 12.6.2, macOS Ventura 13.1, and Safari 16.2. In addition, the mentioned updates fix a zero-day vulnerability actively exploited in the wild. The severity of the addressed vulnerabilities could allow the remote attacker to gainaccess to sensitive information, bypass

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains fixes for two zero-day vulnerabilities. One has been exploited in the wild and the other has been publicly disclosed. Microsoft has fixed (49) vulnerabilities, with (6) classified as critical as they allow remote code execution, denial of service attack, or elevation

VMware has released security updates to fix vulnerabilities across multiple products. severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary commands via specially crafted requests to gain access and obtain information from the affected products. Sample of the addressed vulnerabilities: 1. VMware vRealize Network Insight command execution (CVE-2022-31702) • CVSS: 9.8 • Attack Vector: