November 1, 2023 at 12:30PM Cybersecurity company F5’s BIG-IP suite has been found to have vulnerabilities that are already being exploited after proof of concept code was shared online. F5 confirmed evidence of active exploitation just days after limited-detail research was published. The vulnerabilities include an Apache JServ Protocol smuggling vulnerability and an SQL injection … Read more
November 1, 2023 at 10:54AM F5 is warning administrators of their BIG-IP devices about skilled hackers exploiting recently disclosed vulnerabilities. These hackers erase signs of their access and achieve stealthy code execution. Two critical vulnerabilities were identified, and F5 has urged admins to apply available security updates. The vulnerabilities allow for authentication bypass and SQL … Read more
November 1, 2023 at 10:23AM Google has released Chrome version 119, which includes patches for 15 vulnerabilities, with 13 of them reported by external researchers. Three bugs are rated as ‘high severity.’ Google has awarded $16,000 and $11,000 for the first two bugs respectively, with the amount for the third bug yet to be determined. … Read more
October 31, 2023 at 08:52AM Microsoft’s Patch Tuesday, which has been a monthly ritual for IT and security professionals for the past 20 years, aims to consolidate security updates into a planned release cycle. However, the high number of vulnerabilities and the growing dependence on Microsoft tools and services pose risks. Adversaries are becoming smarter … Read more
October 30, 2023 at 04:09PM Three high-severity bugs in the NGINX ingress controller for Kubernetes have been identified. These vulnerabilities, listed as CVE-2023-5043, CVE-2023-5044, and CVE-2022-4886, can potentially enable attackers to steal credentials and other sensitive information from Kubernetes clusters. The flaws have yet to be patched and it is unknown if they have been … Read more
October 30, 2023 at 09:45AM The Pwn2Own Toronto 2023 hacking competition concluded with a total of 58 vulnerabilities exploited. Participants earned over $1 million in rewards by successfully targeting routers, printers, smart speakers, NAS products, surveillance systems, and mobile phones. The highest reward of $100,000 was given to Chris Anastasio on the second day of … Read more
October 30, 2023 at 03:18AM Unpatched security flaws have been discovered in the NGINX Ingress controller for Kubernetes. These vulnerabilities (CVE-2022-4886, CVE-2023-5043, CVE-2023-5044) could allow threat actors to steal secret credentials, execute arbitrary commands, and inject code into the ingress controller. Mitigations have been released, but updating NGINX and enabling strict path validation is recommended. … Read more
October 25, 2023 at 03:57PM Mozilla and Google have released software updates for Firefox and Chrome to address high-severity vulnerabilities, including memory safety bugs. Mozilla’s Firefox update addresses 11 vulnerabilities, including an insufficient activation-delay bug and memory safety issues that could allow arbitrary code execution. The update also patches medium-severity flaws affecting header leakage, crashes, … Read more
October 20, 2023 at 04:34PM Eight critical vulnerabilities have been discovered in SolarWinds’ Access Rights Manager Tool, exposing unpatched systems to potential privilege escalation by attackers. The vulnerabilities range from allowing remote code execution to performing local privilege escalation. A new ARM version, 2023.2.1, has been released to fix the vulnerabilities, and SolarWinds clients are … Read more
October 18, 2023 at 08:48AM Oracle has released 387 new security patches as part of the October 2023 CPU. Over 40 patches address critical-severity flaws and more than 200 resolve bugs that can be remotely exploited. The patches cover various Oracle products, with Financial Services Applications receiving the most fixes. Oracle advises customers to apply … Read more