Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address dozens of flaws, including three new zero-days that it said are being actively exploited in the wild. The three security shortcomings are listed below – CVE-2023-32409 – A WebKit flaw that could be exploited by […]
The most important routing protocol for the internet is called BGP. It makes it possible for autonomous systems (ASes), which are groups of IP addresses that are leased to an organization for a certain period of time by a registrar, to share routing and reachability information with one another. When BGP stops working, an autonomous […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows – CVE-2023-1389 (CVSS score: 8.8) – TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 (CVSS score: 9.0) – Apache Log4j2 Deserialization of Untrusted Data Vulnerability […]
A major vulnerability with a ranking of 10.0 was discovered in specific universal copy service software that is used in some Illumina genome sequencing instruments. This vulnerability might make it possible for a variety of malicious operations to be carried out, including the remote uploading and execution of code at the operating system level. The […]
VMware Workstation, Workstation Pro, and Fusion have been subjected to several privately reported and fixed flaws. VMware has published a security advisory on the critical bugs discovered and their workarounds. CVE(s): CVE-2023-20869 – Stack-based buffer-overflow vulnerability in Bluetooth device-sharing functionality CVE-2023-20870 – Information disclosure vulnerability in Bluetooth device-sharing functionality CVE-2023-20871 – VMware Fusion Raw Disk […]
“How Secure is Code Generated by ChatGPT?” is the title of a pre-press paper. Computer scientists Baba Mamadou Camara, Anderson Avila, Jacob Brunelle, and Raphael Khoury provide a research response that may be summed up as “not very.” The scientists write in their study that the findings were concerning. “We discovered that the code produced […]
On Thursday, the firm issued urgent fixes to resolve serious security flaws in the VMware Aria Operations for Logs product line (which was originally known as vRealize Log Insight). Additionally, the business issued a warning about the potential for pre-authentication remote root attacks.VMware has issued a critical-level warning that details two different vulnerabilities in the […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below – CVE-2023-20963 (CVSS score: 7.8) – Android Framework Privilege Escalation Vulnerability CVE-2023-29492 (CVSS score: TBD) – Novi Survey Insecure Deserialization Vulnerability “Android Framework contains […]
During its April 2023 Security Patch Day, the German corporate software manufacturer SAP announced a total of 19 new security notes, five of which were categorized as “hot news” and dealt with significant vulnerabilities (2 new flaws: CVE-2023-27497 & CVE-2023-28765, and 3 updates). The vulnerability in the SAP Diagnostics Agent known as CVE-2023-27497, which has […]
Apple consumers have been dealt a blow in a world where digital security is of the utmost importance due to the recent revelation of two zero-day vulnerabilities that impact a variety of devices. Researchers Clément Lecigne of Google’s Threat Analysis Group and Donncha o Cearbhaill of Amnesty International’s Security Lab were the ones who […]
Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week. CVE-2022-46169 relates […]
Samba is a free software project that runs on operating systems that are similar to UNIX and supports the Windows file sharing protocol. This protocol once went by the name SMB, but it was renamed CIFS a little while later. Computers running GNU/Linux, Mac OS X, or Unix in general may be perceived as servers […]
A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google’s Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was […]
As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in recent years of threat actors […]
On its March 2023 Security Patch Day, the German corporate software manufacturer SAP announced a total of 19 new security notes, five of which were designated as ‘critical’ . Security vulnerabilities in SAP products are great targets for threat actors since these products are widely utilized by huge enterprises all over the globe and may […]
Apache HTTP Server is one of the web servers that is used the most often throughout the globe. It is responsible for providing power to millions of websites and apps. Recent vulnerabilities found in the server, on the other hand, have the ability to disclose sensitive information and make it easier for attackers to carry […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of shortcomings is as follows – CVE-2022-47986 (CVSS score: 9.8) – IBM Aspera Faspex Code Execution Vulnerability CVE-2022-41223 (CVSS score: 6.8) – Mitel MiVoice Connect Code […]
Fortinet, a company that specialises in cybersecurity, has patched two serious flaws that were present in the FortiNAC and FortiWeb products it manufactures. The customers have been encouraged by Fortinet to quickly upgrade to the most recent versions that are available. The remote code execution vulnerability, which is being tracked as CVE-2022-39952 and has a […]
Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities. The findings come from AhnLab Security Emergency response Center (ASEC), which discovered that security vulnerabilities in Sunlogin, a remote desktop program developed in China, are being abused to deploy a wide range of payloads. […]
F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP – 13.1.5 14.1.4.6 – 14.1.5 15.1.5.1 – 15.1.8 16.1.2.2 – 16.1.3, and 17.0.0 “A format […]
Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations. The […]