45k Jenkins servers exposed to RCE attacks using public exploits

January 29, 2024 at 05:07PM Security researchers discovered about 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical flaw allowing remote code execution. The issue originates in the Jenkins CLI's argument parser, which expands an argument of the form @path into the contents of that file, giving an attacker an arbitrary file read (partial or full, depending on the attacker's permissions) that can be chained into command execution. Multiple public PoC exploits are available, posing a significant threat to unpatched Jenkins servers globally; the fix shipped in Jenkins 2.442 and LTS 2.426.3. … Read more

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

January 25, 2024 at 11:48AM Over 5,000 unpatched, internet-exposed GitLab servers remain vulnerable to account takeover via CVE-2023-7028. The flaw, introduced in version 16.1.0, lets an attacker have a password reset email sent to an unverified, attacker-controlled address; the exposure figures were reported by the non-profit Shadowserver Foundation. Accounts protected by two-factor authentication can still have their password reset but cannot be logged into without the second factor. Patches are available in GitLab versions 16.5.6, 16.6.4, and 16.7.2 (with backports to the 16.1 through 16.4 branches), and the vulnerable servers are spread across many countries, with hundreds in each of the most affected. GitLab … Read more
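The first practical step for both of the items above is an inventory check: which of your Jenkins and GitLab hosts still run a pre-fix build? The following is an added example (not code from either article or either project) that compares a reported version string against the fixed releases: Jenkins 2.442 weekly and 2.426.3 LTS for CVE-2024-23897, and for CVE-2023-7028 the GitLab fix releases 16.1.6, 16.2.9, 16.3.7, 16.4.5, 16.5.6, 16.6.4 and 16.7.2 (the article names only the last three; the earlier-branch backports are taken from GitLab's own advisory as recalled here). The X-Jenkins response header really is how Jenkins advertises its version; the header dictionary and the host inventory in the block are constructed samples, not captured data.

```python
import re
from typing import Dict, Optional, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.426.3', '16.7.1-ee' or '16.7.2' into a comparable tuple of ints.
    Trailing suffixes such as '-ee' are ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))


# CVE-2024-23897 was fixed in Jenkins 2.442 (weekly) and 2.426.3 (LTS).
JENKINS_FIXED_WEEKLY = (2, 442)
JENKINS_FIXED_LTS = (2, 426, 3)


def jenkins_vulnerable(version: str) -> bool:
    """Weekly releases have two components (2.441); LTS releases have three (2.426.2)."""
    v = parse_version(version)
    if len(v) >= 3:
        return v < JENKINS_FIXED_LTS
    return v < JENKINS_FIXED_WEEKLY


# CVE-2023-7028: first fixed patch level per affected GitLab minor branch
# (assumed from the GitLab advisory; the article lists only 16.5.6, 16.6.4, 16.7.2).
GITLAB_FIXED_PATCH = {
    (16, 1): 6, (16, 2): 9, (16, 3): 7, (16, 4): 5,
    (16, 5): 6, (16, 6): 4, (16, 7): 2,
}


def gitlab_vulnerable(version: str) -> bool:
    """Branches before 16.1 never had the bug; 16.8 and later shipped with the fix."""
    v = parse_version(version)
    fixed = GITLAB_FIXED_PATCH.get(v[:2])
    if fixed is None:
        return False
    patch = v[2] if len(v) > 2 else 0
    return patch < fixed


def check_jenkins_headers(headers: Dict[str, str]) -> Optional[bool]:
    """Jenkins puts its core version in the X-Jenkins header of most responses.
    Returns None when the header is absent, since nothing can then be concluded."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return jenkins_vulnerable(value)
    return None


# Constructed sample response headers (not captured from any real server).
SAMPLE_HEADERS = {"Server": "Jetty(10.0.18)", "X-Jenkins": "2.426.2"}

# Constructed sample inventory: host -> (product, version).
SAMPLE_INVENTORY = {
    "ci.example.test": ("jenkins", "2.426.2"),
    "ci-new.example.test": ("jenkins", "2.442"),
    "git.example.test": ("gitlab", "16.7.1-ee"),
    "git-old.example.test": ("gitlab", "16.0.8"),
}


def triage(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, bool]:
    """Map each host to True if its recorded version predates the relevant fix."""
    checks = {"jenkins": jenkins_vulnerable, "gitlab": gitlab_vulnerable}
    return {host: checks[product](ver) for host, (product, ver) in inventory.items()}


if __name__ == "__main__":
    for host, vuln in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {'VULNERABLE' if vuln else 'ok'}")
```

A version string is only as trustworthy as its source: a reverse proxy may strip X-Jenkins, and a GitLab instance behind SSO may not expose its version page, so treat None as "check by hand" rather than "fixed".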

Cisco warns of critical RCE flaw in communications software

January 25, 2024 at 09:41AM Cisco has issued a security bulletin warning of a critical remote code execution vulnerability, tracked as CVE-2024-20253, affecting several of its Unified Communications Manager and Contact Center Solutions products. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system. Cisco recommends applying the available security updates and, as a mitigation, implementing access control … Read more

Firefox 122 Patches 15 Vulnerabilities

January 25, 2024 at 06:48AM Mozilla announced security updates for Firefox and Thunderbird that patch 15 vulnerabilities, including five high-severity flaws. The first is a memory corruption bug that could lead to denial of service or arbitrary code execution. Other issues include a failure to update the user-input timestamp, an unchecked return value in TLS handshake code, and … Read more

Microsoft: Recent updates cause Sysprep Windows validation errors

January 24, 2024 at 05:29AM Microsoft has confirmed that admins using the Sysprep tool to validate Windows 10 installations may see 0x80073cf2 errors after installing recent updates. The issue affects Windows 10, version 22H2 systems in audit mode. A temporary workaround is available for affected Windows images: remove the problematic Microsoft.MicrosoftEdge package using a PowerShell command. Microsoft … Read more
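As an added example (not Microsoft's published command), the workaround can be scripted so the package is discovered rather than hard-coded, since the exact package full name differs between images. It assumes an elevated PowerShell session inside the affected image while it is booted in audit mode; the name filter matches only the legacy Appx Edge package, not the Chromium-based Edge, which is a Win32 install.

```powershell
# Locate the legacy Microsoft.MicrosoftEdge Appx package that trips Sysprep
# validation (error 0x80073cf2) on Windows 10 22H2 images in audit mode.
$pkgs = Get-AppxPackage -AllUsers -Name Microsoft.MicrosoftEdge
if (-not $pkgs) {
    Write-Host "No Microsoft.MicrosoftEdge package present; nothing to remove."
    return
}

foreach ($p in $pkgs) {
    Write-Host "Removing $($p.PackageFullName)"
    Remove-AppxPackage -Package $p.PackageFullName -AllUsers
}

# Confirm removal before re-running Sysprep; fail loudly if anything is left.
if (Get-AppxPackage -AllUsers -Name Microsoft.MicrosoftEdge) {
    throw "Microsoft.MicrosoftEdge package still present; Sysprep will fail again."
}

# Re-run Sysprep (uncomment once the image is ready to be generalized).
# & "$env:SystemRoot\System32\Sysprep\sysprep.exe" /generalize /oobe /shutdown
```

Check C:\Windows\System32\Sysprep\Panther\setupact.log after the rerun; if a different package is named there, the same discover-and-remove loop applies with that name.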

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation

January 22, 2024 at 03:24PM Apple has released iOS 17.3 and macOS Sonoma 14.3 updates to address 16 vulnerabilities, including a WebKit flaw that Apple says may have been exploited in the wild. Apple warns of code execution, denial-of-service, and data exposure threats. The updates also fix security issues in several other components. Apple hasn't provided technical details … Read more

About the security content of iOS 17.3 and iPadOS 17.3 – Apple Support

January 22, 2024 at 01:42PM Multiple CVEs are addressed, covering memory handling, timing side-channel issues, redaction of sensitive information, and improved handling of files, in components including Apple Neural Engine, CoreCrypto, Kernel, Mail Search, and NSSpellChecker, on devices such as iPhone XS and later and iPad Pro. From the … Read more

About the security content of iOS 15.8.1 and iPadOS 15.8.1 – Apple Support

January 22, 2024 at 01:42PM Apple has released iOS 15.8.1 and iPadOS 15.8.1, addressing two WebKit vulnerabilities that Apple says may have been exploited against versions of iOS before iOS 16.7.1. Processing malicious web content could lead to sensitive information disclosure or arbitrary code execution. The update is available for the older iPhone and iPad models, and the iPod touch, that cannot run iOS 16. Apple … Read more

About the security content of iOS 16.7.5 and iPadOS 16.7.5 – Apple Support

January 22, 2024 at 01:42PM Apple released updates addressing multiple CVEs covering privacy, memory handling, and access issues in components including Accessibility, Apple Neural Engine, curl, ImageIO, Safari, and WebKit, for the devices that remain on iOS 16. The updates aim to mitigate potential user data exposure, arbitrary code execution, and malicious web content. From the … Read more

Windows Server 2022 patch is breaking apps for some users

January 17, 2024 at 06:56AM The latest Windows Server 2022 patch, KB5034129, has caused issues with the Chrome browser and other Chromium-based browsers, as well as the Snipping Tool and Firefox. Users are experiencing problems with graphical subsystems, resulting in failures to open or blank white boxes. Some have resorted to uninstalling the update or … Read more