Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs

January 8, 2024 at 06:18AM
The number of CNA organizations and CVE identifiers increased in 2023. There were 28,902 published CVEs, an average of 80 new CVEs per day, and the average CVSS score was 7.12. The number of new CNAs announced increased to 84, totaling nearly 350 CNAs from 38 countries. The top …

Facebook, Instagram now mine web links you visit to fuel targeted ads

January 8, 2024 at 02:33AM
Meta introduces a new feature, Link History, to gather user data for targeted advertising. Security teams are addressing critical vulnerabilities in Chrome and other software, while Twitter accounts of security firms Mandiant and CertiK are hijacked for crypto scams. Additionally, a Nigerian national is awaiting extradition to the US …

Are Security Appliances fit for Purpose in a Decentralized Workplace?

January 2, 2024 at 02:06PM
Traditional security appliances are no longer considered effective perimeter security, as they are infested with high-risk vulnerabilities, not designed for mobility and the cloud, and difficult to patch. Cloud-native security, particularly single-vendor SASE, offers convergence of security functions, centralized patching, and cloud-native design, driving a market expected to grow …

In Other News: Ubisoft Hack, NASA Security Guidance, TikTok Requests iPhone Passcode

December 29, 2023 at 08:54AM
SecurityWeek's weekly roundup provides a concise compilation of cybersecurity stories that may have been overlooked. This week's stories include a $60 million crypto theft, an Android backdoor infection, a Microsoft warning about malware distribution, the Mint Mobile data breach, and NASA's space security guidance. Other topics covered are hacking claims, Chrome Safety Check, …

CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild

December 22, 2023 at 06:45AM
CISA released advisories for ICS vulnerabilities affecting FXC routers and QNAP NVR devices that are being exploited in the wild. The FXC flaw allows remote code execution via the NTP server settings and affects outlet wall routers sold in Japan. QNAP's vulnerability, patched years ago, is being exploited by a Mirai-based malware campaign targeting legacy models. …

Ivanti releases patches for 13 critical Avalanche RCE flaws

December 20, 2023 at 01:10PM
Ivanti released security updates fixing 13 critical vulnerabilities in its Avalanche enterprise mobile device management (MDM) solution. The flaws are buffer overflows that unauthenticated attackers could exploit for remote code execution. All issues were resolved in Avalanche v6.4.2.313. CISA and NCSC-NO have expressed concern about potential widespread exploitation in …

Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape

December 20, 2023 at 10:21AM
Mozilla announced security updates for Firefox 121 and Thunderbird 115.6 addressing 21 vulnerabilities, including high-severity issues such as a WebGL heap buffer overflow, an NSS vulnerability exposing NIST curves to the Minerva attack, and uninitialized data exposure in EncryptingOutputStream. Both updates also include patches for several memory safety issues. The release notes contain further details. …

Before you go away for Xmas: You’ve patched that critical Perforce Server hole, right?

December 19, 2023 at 03:05PM
Microsoft urges immediate patching for four Perforce Helix Core Server vulnerabilities, including a critical RCE bug. Perforce Server is used in the gaming, government, military, and tech sectors. All vulnerabilities are fixable by updating to version 2023.1/2513900. Microsoft has not seen exploitation but warns of potential complete system takeover. Additional security measures and …

Microsoft discovers critical RCE flaw in Perforce Helix Core Server

December 18, 2023 at 03:52PM
Four vulnerabilities, including a critical one, were found in the Perforce Helix Core Server, a widely used source code management platform. Discovered by Microsoft analysts, the flaws include denial of service issues and remote code execution by unauthenticated attackers. Users are urged to upgrade to version 2023.1/2513900 to mitigate the risk and …

MongoDB warns breach of internal systems exposed customer contact info

December 17, 2023 at 09:27PM
MongoDB issued an alert about unauthorized access to its corporate systems, exposing customer account metadata and contact information. Customers are advised to be vigilant for social engineering and phishing attacks, activate multi-factor authentication, and rotate their passwords. Critical vulnerabilities in Siemens and Unitronics PLCs and other ICS devices were also …