Recent Adobe Commerce Vulnerability Exploited in Wild

July 18, 2024 at 11:03AM CISA and Adobe issued warnings about an actively exploited vulnerability in Adobe Commerce, allowing attackers to execute arbitrary code. Adobe released patches for affected versions and an isolated patch for the vulnerability. CISA included the vulnerability in its Known Exploited Vulnerabilities catalog, and federal agencies have until August 7 to …

Let’s kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows

June 11, 2024 at 08:33PM Microsoft’s June Patch Tuesday addressed 49 CVE-tagged security flaws, including a critical bug in wireless networking and a publicly disclosed DNS vulnerability (CVE-2023-50868). It also included an RCE issue in Microsoft Message Queuing (CVE-2024-30080) and a Wi-Fi driver remote code execution hole (CVE-2024-30078). Adobe, SAP, PHP, Arm, Apple, Google, SolarWinds, …

Adobe Plugs Code Execution Holes in After Effects, Illustrator

June 11, 2024 at 02:36PM Adobe has released fixes for critical vulnerabilities, addressing the risk of code execution attacks on Windows and macOS platforms. The vulnerabilities were identified in After Effects and Illustrator. This highlights the importance of applying patches promptly to mitigate potential security threats. Upon review of the meeting notes, it appears that …

Adobe Adds Content Credentials and Firefly to Bug Bounty Program

May 1, 2024 at 11:21AM Adobe recently expanded its bug bounty program to include Content Credentials and Adobe Firefly, offering incentives for hackers to search for and report security defects. The program aims to reinforce the resilience of Adobe’s implementation against traditional risks and unique considerations and to test the resilience of AI models. Interested …

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

April 6, 2024 at 06:33AM Threat actors exploit a critical flaw in Magento, using CVE-2024-20720 to inject a backdoor for arbitrary code execution. The attack involves using the Magento layout parser and the beberlei/assert package to execute system commands via sed. The Russian government has charged six individuals for using skimmer malware to steal credit card information from …

Brad Arkin is New Chief Trust Officer at Salesforce

January 12, 2024 at 11:41AM Veteran cybersecurity executive Brad Arkin has made the move from Cisco to Salesforce, assuming the role of Chief Trust Officer. With a background in security leadership at companies like Adobe, Arkin is expected to bolster confidence in Salesforce’s handling of customer data in an AI-first world, following the departure of …

New year, new bugs in Windows, Adobe, Android, more to be fixed

January 9, 2024 at 05:35PM Microsoft’s recent Patch Tuesday brought 49 Windows security updates and four high-severity Chrome flaws for Edge. Although there’s no active exploitation, two critical CVEs are listed as “exploitation more likely.” Adobe and SAP also released patches for their products, while Google’s Android Security Bulletin addressed 59 CVEs. No prior exploits …

Exploited Vulnerabilities Can Take Months to Make KEV List

November 20, 2023 at 06:40PM The Cybersecurity and Infrastructure Security Agency (CISA) has been criticized for delays in updating its Known Exploited Vulnerabilities (KEV) catalog. The catalog, which lists vulnerabilities that attackers are actively exploiting, often lags behind public disclosure of vulnerabilities and the release of proof-of-concept (PoC) code. CISA’s requirement for clear remediation guidance …

It’s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems

October 10, 2023 at 07:58PM Microsoft has released over 100 security updates, including fixes for two bugs that are already being actively exploited. One of the vulnerabilities, known as Rapid Reset, is an HTTP/2 weakness that has been used since August to launch distributed denial of service (DDoS) attacks. Microsoft WordPad also has an information …

Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop

October 10, 2023 at 01:12PM Adobe has released patches for 13 security vulnerabilities in its products. Critical flaws in Adobe Commerce and Photoshop require immediate attention. The flaws could lead to arbitrary code execution, privilege escalation, and denial-of-service attacks. The affected software versions include Adobe Commerce and Magento Open Source. Adobe has also fixed a …