Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

January 11, 2024 at 04:01AM Cisco has issued software updates to address a critical security flaw (CVE-2024-20272 – CVSS score: 7.3) in Unity Connection, allowing arbitrary file upload and execution of commands. Users are advised to update to patched versions to mitigate potential threats. Additionally, 11 medium-severity vulnerabilities have been resolved across Cisco software. Cisco …

CISA Flags 6 Vulnerabilities – Apple, Apache, Adobe, D-Link, Joomla Under Attack

January 10, 2024 at 12:06AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six actively exploited security flaws to its catalog, including a high-severity vulnerability in Apache Superset. Details of the issue were first reported in April 2023. CISA recommends that federal agencies apply fixes for these bugs by January 29, 2024, to …

Are Security Appliances fit for Purpose in a Decentralized Workplace?

January 2, 2024 at 02:06PM Traditional security appliances are no longer considered effective perimeter security as they are infested with high-risk vulnerabilities, not designed for mobility and the cloud, and are difficult to patch. Cloud-native security, particularly single-vendor SASE, offers convergence of security functions, centralized patching, and cloud-native design, driving a market expected to grow …

Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product

December 21, 2023 at 07:33AM Ivanti has released Avalanche 6.4.2 to patch 20 vulnerabilities in its enterprise mobile device management product. The flaws, including critical ones, can be exploited for remote code execution and denial-of-service attacks. Customers are urged to install the patches promptly due to the potential targeting of Ivanti product vulnerabilities by threat …

In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs 

December 15, 2023 at 09:54AM SecurityWeek’s weekly cybersecurity roundup offers a concise compilation of notable stories, covering topics like Chinese APT hacking, Ukraine’s server destruction, cryptocurrency theft, ransomware gang arrests, vulnerabilities, and software patches. It also highlights industry news such as Dragos CEO joining DataTribe and the launch of 5th Gen Intel Xeon processors with …

ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability

December 12, 2023 at 08:48AM Siemens and Schneider Electric have published their Patch Tuesday advisories for December 2023, addressing dozens of vulnerabilities. Siemens’ advisories cover over 30 vulnerabilities, including critical flaws, and Schneider Electric has released advisories about critical, high, and medium-severity vulnerabilities affecting their products. A total of 90 vulnerabilities have been addressed by …

Two years on, 1 in 4 apps still vulnerable to Log4Shell

December 11, 2023 at 10:06AM Two years after the Log4Shell vulnerability disclosure, around 1 in 4 applications still rely on outdated Log4j libraries, making them susceptible to exploitation. While some developers promptly updated the libraries, a significant proportion remain vulnerable. Urgent action was effective, but there’s still a need for more rigorous open source security …

Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps

December 6, 2023 at 06:00PM Atlassian has patched four critical vulnerabilities (CVE-2022-1471, CVE-2023-22522, CVE-2023-22523, CVE-2023-22524) with CVSS scores up to 9.8, affecting various platforms with risks of remote code execution (RCE). These follow a series of bugs in their widely-used collaboration tools, with prior exploits prompting urgent updates. Meeting Takeaways: 1. Atlassian has encountered four …

CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities

December 6, 2023 at 08:00AM CISA updated its Exploited Vulnerabilities Catalog with four Qualcomm flaws, urging federal agencies to patch these, three of which were zero-day exploits. Clear Takeaways from Meeting Notes: 1. CISA updated its Known Exploited Vulnerabilities Catalog with four new entries concerning Qualcomm bugs. 2. Of these four bugs, three have been …

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

December 6, 2023 at 04:54AM Atlassian patched four critical vulnerabilities in its software, addressing remote code execution risks. CVEs 2022-1471, 2023-22522, 2023-22523, and 2023-22524, with CVSS scores up to 9.8, affect various products including Confluence and Jira. Prior critical flaw in Bamboo also mentioned. Urgent updates recommended. Meeting Takeaways from Dec 06, 2023 – Software …