February 5, 2024 at 05:07PM Microsoft is investigating an issue where Outlook triggers security alerts when opening .ICS calendar files post-December 2023 Patch Tuesday Office updates. Users are affected by warning dialog boxes, and the company is working on a fix for this bug and related security warning due to CVE-2023-35636. A temporary registry key … Read more
November 28, 2023 at 10:00AM Threat actors are actively exploiting a critical information disclosure vulnerability in ownCloud’s Graphapi app. The vulnerability allows attackers to retrieve sensitive credentials and system information. The flaw affects Graphapi versions 0.2.0 to 0.3.0 and cannot be mitigated by disabling the app alone. Administrators are urged to follow the mitigation steps … Read more
November 22, 2023 at 09:06AM Microsoft has launched a new bug bounty program called the Microsoft Defender Bounty Program. The program invites researchers to find vulnerabilities in Defender products and services and earn rewards ranging from $500 to $20,000. The highest rewards are given for critical-severity remote code execution bugs. Researchers must report flaws within … Read more
November 22, 2023 at 07:12AM Authorities in Australia, the US, and tech company Citrix have issued warnings about a critical vulnerability in the NetScaler product. Dubbed CitrixBleed, the bug allows information disclosure and affects Netscaler ADC and Gateway appliances configured as a gateway or AAA server. The flaw, which has been exploited since August and … Read more
November 15, 2023 at 02:57AM Intel has released fixes for a high-severity flaw called Reptar that affects its desktop, mobile, and server CPUs. The vulnerability, tracked as CVE-2023-23583, allows for privilege escalation, information disclosure, denial of service, and bypassing of security boundaries. Intel has published updated microcode for all affected processors and there is currently … Read more
November 7, 2023 at 08:06AM Google has released the November 2023 Android security updates, addressing 37 vulnerabilities. The first part of the update, the 2023-11-01 security patch level, addresses 15 vulnerabilities in Android’s Framework and System components, including a critical security vulnerability. The second part, the 2023-11-05 security patch level, fixes 22 security defects in … Read more
November 6, 2023 at 05:24AM Microsoft has confirmed that the four Exchange vulnerabilities disclosed by Trend Micro’s Zero Day Initiative (ZDI) either have been patched or do not require immediate attention. ZDI had identified the high-severity vulnerabilities but clarified that they are not actual zero-days and have not been exploited in the wild. Microsoft stated … Read more
October 25, 2023 at 04:08PM A critical security update has been released for the Citrix NetScaler vulnerability, but an exploit is also available. The exploit is simpler to use and allows attackers to read session tokens and gain access to environments. Patching may not be enough as hijacked sessions can persist even after applying patches. … Read more
October 25, 2023 at 11:30AM A proof-of-concept exploit has been released for the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) allowing attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. The vulnerability was previously abused as a zero-day in limited attacks and Citrix has urged administrators to patch the flaw immediately. The … Read more
October 25, 2023 at 05:06AM VMware has released security updates to address a critical vulnerability in vCenter Server that can be exploited for remote code execution attacks. The vulnerability (CVE-2023-34048) allows unauthenticated attackers to remotely exploit it without user interaction. VMware has made patches available for affected products, including end-of-life versions. Administrators are advised to … Read more