January 10, 2024 at 03:46PM Cisco has addressed a critical security flaw in Unity Connection, preventing unauthenticated attackers from gaining root privileges remotely. The vulnerability (CVE-2024-20272) allows execution of commands on the operating system by uploading arbitrary files. Additionally, Cisco patched ten medium-severity vulnerabilities in various products, including a command injection flaw in the WAP371 … Read more
January 9, 2024 at 02:33PM The U.S. Cybersecurity and Infrastructure Security Agency has added six vulnerabilities impacting products from Apple, Adobe, Apache, D-Link, and Joomla to the Known Exploited Vulnerabilities catalog. These flaws are actively exploited and pose significant risks. Federal agencies have until January 29 to patch or discontinue use of the vulnerable products. … Read more
January 9, 2024 at 02:11PM Microsoft’s January 2024 Patch Tuesday addresses 49 flaws and 12 remote code execution vulnerabilities. Notably, a Windows Kerberos Security Feature Bypass and a Hyper-V RCE were classified as critical. Microsoft also addressed an Office Remote Code Execution Vulnerability and other flaws. Other vendors released updates, including .NET, Azure, Microsoft Edge, … Read more
January 9, 2024 at 11:33AM Criminal IP, a Cyber Threat Intelligence search engine developed by AI SPERA, has partnered with Tenable for threat analysis and exposure management. It streamlines essential IP address data to Tenable’s platform, empowering users to proactively identify and mitigate potential threats. This collaboration provides a comprehensive solution for cybersecurity strategy and … Read more
January 8, 2024 at 08:36AM Security professionals are prioritizing use cases such as incident response, alert triage, vulnerability management, spear phishing, and threat intelligence for technology investments. Automation adoption is driven by the need for efficiency, with top use cases varying by industry. A standardized, data-driven and extensible platform is key for successful security automation … Read more
January 4, 2024 at 05:40PM Industrial Defender has launched the Industrial Defender Risk Signal, a risk-based vulnerability management (RBVM) solution tailored for industrial environments. The solution significantly reduces vulnerability lists, integrates threat intelligence, and allows customizable risk tolerance. Industrial Defender is a trusted provider of OT asset data and cybersecurity solutions with a mission to … Read more
January 3, 2024 at 07:58AM The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to its Known Exploited Vulnerabilities catalog. The first vulnerability, CVE-2023-7101, affects the Spreadsheet::ParseExcel library, allowing remote code execution. The second vulnerability, CVE-2023-7024, is a heap buffer overflow issue in WebRTC in Google Chrome. Federal agencies have until January 23 … Read more
December 22, 2023 at 01:12PM Google has released an urgent update to address a critical vulnerability in Chrome, identified as CVE-2023-7024. This heap buffer overflow flaw in Chrome’s WebRTC module allows remote code execution. While the threat is significant, Chrome’s sandbox and site isolation features provide some protection. The bug also extends to Microsoft Edge, … Read more
December 21, 2023 at 07:33AM Ivanti has released Avalanche 6.4.2 to patch 20 vulnerabilities in its enterprise mobile device management product. The flaws, including critical ones, can be exploited for remote code execution and denial-of-service attacks. Customers are urged to install the patches promptly due to the potential targeting of Ivanti product vulnerabilities by threat … Read more
December 19, 2023 at 01:20PM Microsoft identified four critical vulnerabilities in the Perforce source-code management platform, allowing attackers to access a highly privileged Windows OS account, enabling remote code execution and supply chain attacks. The flaws can lead to various malicious activities, including denial-of-service attacks. Perforce has issued a patch (version 2023.1/2513900) to address these … Read more