November 14, 2023 at 09:27AM Siemens and Schneider Electric have released their Patch Tuesday advisories for November 2023, addressing a total of around 90 vulnerabilities in their products. Siemens has informed customers about vulnerabilities in several of their devices and software, with some being critical and high-severity. Siemens plans to release patches for most of … Read more
November 14, 2023 at 01:33AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has set a November 17 deadline for federal agencies and organizations to address security flaws in Juniper Junos OS. CISA added five vulnerabilities to the Known Exploited Vulnerabilities catalog, with potential for remote code execution. CISA also warned about the Royal ransomware … Read more
November 13, 2023 at 01:32AM The UK’s Royal Mail has been found to have an open redirect flaw on one of its websites, which potentially exposes customers to malware infections and phishing attacks. The vulnerability allows attackers to use the legitimate website to redirect users to malicious sites. The Royal Mail has been notified of … Read more
November 10, 2023 at 07:59AM GitHub has introduced a new code scanning autofix feature as part of its Advanced Security program. The feature uses CodeQL, GitHub’s static-analysis scanner, to identify critical vulnerabilities in code and suggest fixes. This AI-powered tool aims to reduce developers’ time spent on fixing issues and improve the efficiency of vulnerability … Read more
November 10, 2023 at 05:23AM Cerber ransomware has been exploiting the Atlassian Confluence vulnerability CVE-2023-22518. The vulnerability allows unauthorized users to reset and create a Confluence instance administrator account, granting them full admin privileges. Cerber previously targeted Atlassian in 2021. The ransomware uses an encoded PowerShell command to download and execute a remote payload, encrypting … Read more
November 7, 2023 at 05:54AM ChatGPT, a popular AI chatbot, is both a productive tool and a security risk. Attackers can exploit ChatGPT for activities like data exfiltration, spreading misinformation, and writing phishing emails. On the other hand, defenders can use it to identify vulnerabilities and enhance their security posture. It is crucial to acknowledge … Read more
November 7, 2023 at 12:36AM Veeam has released security updates to address four vulnerabilities in its ONE IT monitoring and analytics platform. Two of the flaws are rated critical and can lead to remote code execution and obtaining sensitive information. The affected versions are 11, 11a, and 12, and users are advised to install the … Read more
November 6, 2023 at 04:59PM Veeam has released hotfixes to address four vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform. Two of the vulnerabilities are critical and allow attackers to gain remote code execution and steal NTLM hashes. The remaining two are medium-severity bugs. The company has provided hotfixes for actively supported … Read more
November 2, 2023 at 01:43PM The CEO of Saudi Aramco warned that the energy sector is vulnerable to attacks, especially with the introduction of new technologies like generative AI. Amin H. Nasser emphasized that any disruption to the global energy supply would have significant consequences. He stressed the need for assessing these technologies and addressing … Read more
November 1, 2023 at 07:05PM A recent report from ZScaler’s ThreatLabz revealed that Microsoft 365 has numerous vulnerabilities due to its support for the SketchUp 3D Library. Over a three-month period, ZScaler identified 117 unique vulnerabilities, prompting Microsoft to release patches. However, the fixes were bypassed, resulting in Microsoft temporarily disabling SketchUp support in June … Read more