Alerts

Phishing Campaign – 10 August 2022

EG-FinCIRT has detected a massive phishing campaign focused on collecting the credentials of financial institutions’ employees. The campaign targets the organizations’ employees by sending phishing emails from a newly created domain, so that the domain has a clean record, alerting the targeted users about “E-mail Storage Full” and persuading them to enter their username […]


Tenable Nessus Released Security Updates – 11 August 2022

Tenable Nessus has released an updated version (Nessus 8.15.6) to fix multiple vulnerabilities. The remote attacker could exploit these vulnerabilities to execute commands with administrator privileges and read arbitrary files without providing any valid SSH credentials. The most severe of the addressed vulnerabilities could allow the remote attacker to trick the victim into opening a


Intel Released Security Updates – 10 August 2022

Intel has released security updates to address vulnerabilities in multiple products. The attackers could exploit some of these vulnerabilities to escalate privileges, disclose information or cause denial of service. The released security updates are to address multiple products such as Intel Data Center Manager, Intel Active Management Technology (AMT) and Intel Standard Manageability, Intel® Driver


Linux Kernel Security Updates – 10 August 2022

Linux kernel has released security updates to address multiple vulnerabilities. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow the remote attacker to take control of the affected system, disclose information, gain write access to read-only memory mappings, increase their privileges on the


Security Updates for Adobe Acrobat and Reader – 10 August 2022

Adobe has released security updates to address vulnerabilities that affect Adobe Acrobat Reader products for Windows and macOS. The addressed vulnerabilities could allow the remote attacker to gain access and obtain information on the affected systems. Samples of the addressed vulnerabilities: Adobe Acrobat and Adobe Reader code execution (CVE-2022-35665): CVSS: 7.8 Attack Vector: Local Attack


Microsoft August 2022 Patch Tuesday

Microsoft has released its monthly patch of security updates, known as Patch Tuesday, which fixes two zero-day vulnerabilities, one actively exploited known as “DogWalk”, and several critical Exchange vulnerabilities. Microsoft has fixed (121) vulnerabilities (not including Microsoft Edge vulnerabilities), with (17) classified as Critical as they allow remote code execution or elevation of privileges. August


Kaspersky Security Update – 5 August 2022

Kaspersky has released a security update to address a high-severity vulnerability that affects Kaspersky’s VPN secure connection. The attacker could exploit this vulnerability to take control of the affected systems. Kaspersky’s VPN secure connection 21.3.10.391(h) is vulnerable to a high-severity local privilege-escalation (LPE) vulnerability which would allow the attacker to gain administrative privileges and take


Linux Servers Security Updates 04 August 2022

Red Hat, Ubuntu, and Debian released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the remote attacker to take control of the affected system, disclose information, escalate privileges and cause a denial of service. Sample of the addressed vulnerabilities: Git client Plugin man-in-the-middle (CVE-2022-36881): CVSS: 8.1 Attack Vector: Network Attack


F5 Security Updates – 04 August 2022

F5 has released security patches for August 2022 to address several vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system, disclose information, escalate privileges and cause a denial of service. The addressed vulnerabilities could allow the remote authenticated attacker to take control of the


RedLine Stealer Malware 04 August 2022

RedLine Stealer is a malicious program that collects users’ confidential data from browsers, systems, and installed software. It also infects operating systems with other malware. RedLine Stealer is a malware-as-a-service credential stealer targeting Windows operating systems, with the capability of stealing credentials from web browsers, files, and FTP applications. RedLine also collects extensive


Cisco Released Security Updates 4 August 2022

Cisco has released a security update to fix vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow the attackers to perform several attacks like bypassing security restrictions, cross-site scripting, frame hijacking attack, obtaining sensitive information, denial


Atlassian Jira Data Center and Server Security Update 03 August 2022

Atlassian Jira Server and Data Center could allow the remote authenticated attacker to execute arbitrary code on the system. The remote attacker could exploit the addressed vulnerability by using a specially crafted velocity template to execute arbitrary code on the system via template injection, leading to Remote Code Execution (RCE) in the email templates feature.


Fortinet Released Security Updates 3 August 2022

Fortinet has released security updates to address several vulnerabilities in multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow the attackers to perform several attacks like executing unauthorized code or commands, improper access control, and information disclosure on the affected system.


VMware Releases Security Updates 3 August 2022

VMware has released a security advisory to address critical vulnerabilities which affect multiple VMware products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow the attackers to perform several attacks like bypassing security restrictions, redirecting a victim to arbitrary websites, directory traversal, cross-site


Google Chrome Security Updates 3 August 2022

Google Chrome has released security updates for Windows versions (104.0.5112.79/80/81) and for Linux and Mac versions (104.0.5112.79). The remote attacker could exploit some of these vulnerabilities to take control of the affected system, obtain information and cause a denial of service. Samples of the addressed vulnerabilities: Google Chrome Safe Browsing code execution (CVE-2022-2604): CVSS: 8.8


Samba Security Update 31 July 2022

Samba has released a security update to address multiple vulnerabilities in the software affecting several versions. The remote attacker could exploit these vulnerabilities to bypass security, obtain information, cause a denial of service and gain privileges on the system. All versions of Samba are affected by CVE-2022-3274; Samba 4.3 and later are affected by CVE-2022-32744.


IBM PowerVM VIOS Security Update

IBM has released a security update to address a critical vulnerability affecting PowerVM VIOS 3.1. The remote attacker could exploit this vulnerability to tamper with system configuration or cause a denial of service. VIOS is part of the PowerVM® Editions hardware feature. The VIOS is software that is located in the logical partition. This software
