September 12, 2024 at 07:47AM Cisco announced patches for eight vulnerabilities in the IOS XR network operating system, including fixes for six high-severity bugs. The most severe flaws allow privilege escalation and remote DoS attacks. Two high-severity flaws affecting the Routed Passive Optical Network (PON) controller software could be exploited for command injection. Cisco plans … Read more
July 2, 2024 at 09:22AM Splunk announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. The vulnerabilities include remote code execution flaws, command injection flaw, path traversal, and denial-of-service. Splunk also addressed medium-severity flaws. No mention of exploitation in the wild was made. Additional information is available on Splunk’s … Read more
May 15, 2024 at 04:24AM In May 2024, Microsoft’s Patch Tuesday updates addressed 61 security flaws, including two zero-days actively exploited. A Critical flaw in the Windows MSHTML Platform and an Important one in the Desktop Window Manager were exploited in attacks. The vulnerabilities require urgent fixes to prevent widespread exploitation. Other vendors have also … Read more
April 18, 2024 at 08:45AM Cisco released patches for a high-severity IMC vulnerability (CVE-2024-20295, CVSS 8.8) allowing local attackers to inject commands and gain root privileges. Another flaw (CVE-2024-20356) could let remote attackers gain root privileges. A medium-severity bug (CVE-2024-20373) in IOS and IOS XE software was also fixed. Users are urged to update their … Read more
December 12, 2023 at 04:17PM Apple released patches for numerous vulnerabilities on Dec. 11, impacting iPhones, Macs, Apple TVs, Apple Watches, and Safari. Notable flaws include an iOS FindMy location privacy issue, unauthenticated access to private browsing tabs, and Apple Watch webkit vulnerabilities. Also, an authentication bypass vulnerability affecting macOS, iOS, Linux, and Android was … Read more
November 17, 2023 at 11:15AM SecurityWeek’s weekly roundup highlights several cybersecurity stories. The world-renowned law firm Allen & Overy experienced a data breach by the LockBit ransomware group. The largest bank in China, Industrial and Commercial Bank of China, allegedly paid a ransom to the LockBit gang. Europol aided in the takedown of a vishing … Read more
November 1, 2023 at 10:54AM F5 is warning administrators of their BIG-IP devices about skilled hackers exploiting recently disclosed vulnerabilities. These hackers erase signs of their access and achieve stealthy code execution. Two critical vulnerabilities were identified, and F5 has urged admins to apply available security updates. The vulnerabilities allow for authentication bypass and SQL … Read more