Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

November 12, 2024 at 08:37AM Amazon employees’ data was included in a leak linked to the MOVEit vulnerability, affecting over 2.86 million records. Although Amazon maintains system security, the stolen information includes employee contact details, potentially facilitating social engineering threats. The data is being circulated by a user named Nam3L3ss on BreachForums. …

US and UK govts warn: Russia scanning for your unpatched vulnerabilities

October 11, 2024 at 11:13PM A joint advisory from US and UK agencies warns of a massive Russian hacking campaign exploiting known vulnerabilities, led by APT29. Organizations are urged to prioritize patching systems and improve cyber defenses. Additionally, phone phishing scams are on the rise, and GitLab users need to patch critical vulnerabilities urgently. Here …

LG Smart TVs at Risk of Attacks, Thanks to 4 OS Vulnerabilities

April 9, 2024 at 04:58PM Researchers at Bitdefender have identified four vulnerabilities in LG webOS, affecting various smart TV models and exposing around 91,000 devices. These bugs include command injection, privilege escalation, and bypass vulnerabilities, tracked as CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, and CVE-2023-6320. LG released security updates after being alerted in November 2023. Users should check …

About the security content of iTunes 12.13.1 for Windows – Apple Support

March 14, 2024 at 02:54PM Summary: Apple ID HT214091 released an update on December 14, 2023, addressing CVE-2023-42938, a logic issue addressed with improved checks. The impact is that a local attacker may be able to elevate their privileges. The affected product is the Mobile Device Service, with the update available for Windows 10 and later. Based on the …

CISA Warns of Roundcube Webmail Vulnerability Exploitation

February 13, 2024 at 06:33AM CISA has included the CVE-2023-43770 Roundcube flaw in its exploited vulnerabilities catalog, raising concern over potential exploitation. This warning was conveyed in a post on SecurityWeek. …

About the security content of iOS 15.8.1 and iPadOS 15.8.1 – Apple Support

January 22, 2024 at 01:42PM Apple has released an update addressing two security vulnerabilities in WebKit, affecting iOS devices before version 16.7.1. The vulnerabilities could lead to sensitive information disclosure and arbitrary code execution when processing web content. The update is available for specific iPhone and iPad models, and iPod touch. …

Two more Citrix NetScaler bugs exploited in the wild

January 18, 2024 at 10:38AM Two vulnerabilities in Citrix’s NetScaler ADC and Gateway products, CVE-2023-6548 and CVE-2023-6549, have been patched. The first allows remote code execution with authentication and access to specific IPs, while the second can lead to a denial-of-service attack. Customers are advised to update their affected products promptly to prevent exploitation. Key …

Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs

January 8, 2024 at 06:18AM The number of CNA organizations and CVE identifiers increased in 2023. There were 28,902 published CVEs with an average of 80 new CVEs per day, and the average CVSS score was 7.12. The number of new CNAs announced increased to 84, totaling nearly 350 CNAs from 38 countries. The top …

About the security content of macOS Sonoma 14.2.1 – Apple Support

December 19, 2023 at 01:42PM Summary: Apple released an update on December 19, 2023, addressing a session rendering issue (CVE-2023-42940) that could cause users sharing their screen to inadvertently share incorrect content. The update is available for macOS Sonoma, specifically targeting the affected product, WindowServer. …

About the security content of macOS Ventura 13.6.3 – Apple Support

December 11, 2023 at 01:45PM Summary: Apple has addressed various security issues with improved redaction, memory handling, and logic checks in macOS Ventura. The updates aim to prevent unauthorized access to sensitive user data across products like Accounts, AppleEvents, CoreServices, and more. Additionally, upgrades for specific applications like Vim and ncurses are available to mitigate …