Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day

December 12, 2023 at 02:02PM Today’s December 2023 Patch Tuesday from Microsoft addresses 34 flaws, including an unpatched vulnerability in AMD CPUs. Notably, it resolves a public zero-day AMD bug and includes a total of 8 fixes for Microsoft Edge flaws. Additionally, updates from other vendors in December are detailed, along with a list of …

Citrix warns admins to kill NetScaler user sessions to block hackers

November 21, 2023 at 11:41AM Admins who have patched their NetScaler appliances against the Citrix Bleed vulnerability must take additional measures to secure their devices. Citrix advises wiping all previous user sessions and terminating active ones to prevent attackers from accessing compromised devices. The flaw has been actively exploited since late August, and compromised sessions …

CISA warns of actively exploited Juniper pre-auth RCE exploit chain

November 13, 2023 at 12:29PM CISA has warned federal agencies to secure Juniper devices on their networks by Friday due to four vulnerabilities that are being actively exploited. Juniper has acknowledged successful exploitation of these vulnerabilities and has urged customers to upgrade immediately. Over 10,000 Juniper devices with vulnerable interfaces have been exposed online. CISA …

37 Vulnerabilities Patched in Android With November 2023 Security Updates

November 7, 2023 at 08:06AM Google has released the November 2023 Android security updates, addressing 37 vulnerabilities. The first part of the update, the 2023-11-01 security patch level, addresses 15 vulnerabilities in Android’s Framework and System components, including a critical security vulnerability. The second part, the 2023-11-05 security patch level, fixes 22 security defects in …

Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now

November 7, 2023 at 12:36AM Veeam has released security updates to address four vulnerabilities in its ONE IT monitoring and analytics platform. Two of the flaws are rated critical and can lead to remote code execution and obtaining sensitive information. The affected versions are 11, 11a, and 12, and users are advised to install the …

QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices

November 6, 2023 at 01:00PM QNAP has released security updates to address two critical vulnerabilities in its operating system. The first vulnerability, tracked as CVE-2023-23368, is a command injection bug affecting QTS, QuTS hero, and QuTScloud. The second vulnerability, CVE-2023-23369, is a command injection flaw in QTS, Multimedia Console, and Media Streaming add-on. Users are …

FIRST Announces CVSS 4.0 – New Vulnerability Scoring System

November 2, 2023 at 05:30AM The Forum of Incident Response and Security Teams (FIRST) has announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard. This update aims to provide a more accurate assessment of vulnerabilities and introduces new metrics for assessment. It also emphasizes that CVSS should not be the sole …

Hackers use Citrix Bleed flaw in attacks on govt networks worldwide

November 1, 2023 at 02:49PM Threat actors are targeting government, technical, and legal organizations globally by exploiting the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. The attacks have been ongoing since August 2023 and involve credential theft and lateral movement. The attacks are difficult to detect due to limited forensic evidence. …

It’s Cheap to Exploit Software — and That’s a Major Security Problem

November 1, 2023 at 10:09AM The cost to hack an iPhone ranges from $0 to $65,000 depending on security updates. Exploiting an individual’s iPhone can cost up to $8 million. Apple’s investment in hardening the iPhone has contributed to the higher cost compared to exploiting software like Adobe Acrobat. Big tech companies have spent significant …

Longer Support Periods Raise the Bar for Mobile Security

October 26, 2023 at 01:02PM Consumers worldwide are increasingly demanding secure devices that are supported for longer periods, according to a survey by Omdia. Companies like Google and Fairphone are driving this trend, but governments are also stepping in to ensure security and benefit consumer safety and the environment. Longer support periods and frequent security …