Found 21 bookmarks
Custom sorting
Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit.
Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit.
UK-based cybersecurity firm Sophos this week announced patches for an exploited vulnerability in Firewall versions that have reached End-of-Life (EOL). The critical-severity flaw, tracked as CVE-2022-3236, was found to impact versions 19.0 MR1 (19.0.1) and older of the product. It was originally patched in September 2022, but only in supported versions of Sophos Firewall. Sophos describes the security defect as a code injection issue in the Firewall’s User Portal and Webadmin components, allowing attackers to achieve remote code execution (RCE).
#securityweek#EN#2023#Sophos#CVE-2022-3236#critical-severity#EOL#Firewall#patch
·securityweek.com·
Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit.
Microsoft Patch Tuesday November 2023
Microsoft Patch Tuesday November 2023
Today, Microsoft released patches for 64 different vulnerabilities in Microsoft products, 14 vulnerabilities in Chromium affecting Microsoft Edge, and five vulnerabilities affecting Microsoft's Linux distribution, Mariner. Three of these vulnerabilities are already being exploited, and three have been made public before the release of the patches.
#isc.sans.edu#EN#2023#Microsoft#Patch#patch-tuesday#November2023
·isc.sans.edu·
Microsoft Patch Tuesday November 2023
Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign
Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign
Affected Platforms: FortiOS Impacted Users: Targeted at government, manufacturing, and critical infrastructure Impact: Data loss and OS and file corruption Severity Level: Critical Today, Fortinet published a CVSS Critical PSIRT Advisory (FG-IR-23-097 / CVE-2023-27997) along with several other SSL-VPN related fixes. This blog adds context to that advisory, providing our customers with additional details to help them make informed, risk-based decisions, and provides our perspective relative to recent events involving malicious actor activity.
#fortinet#EN#2023#patch#CVE-2023-27997#analysis#VoltTyphoon#Clarifications
·fortinet.com·
Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign
Google pushes emergency Chrome update to fix 8th zero-day in 2022
Google pushes emergency Chrome update to fix 8th zero-day in 2022
Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.
#bleepingcomputer#Google#Google-Chrome#Vulnerability#Web-Browser#Zero-Day#patch#CVE-2022-3723#CVE-2022-3075#CVE-2022-2856#CVE-2022-2294#CVE-2022-1364#CVE-2022-1096#CVE-2022-0609
·bleepingcomputer.com·
Google pushes emergency Chrome update to fix 8th zero-day in 2022
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
#Microsoft#EN#2022#CVE-2022-37972#Endpoint-Configuration-Manager#patch#vulnerability
·securityweek.com·
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]
#techcrunch#2019#macos#Zoom#privacy#apple#EN#patch#silent#update#hidden#CVE-2019–13449
·techcrunch.com·
Apple has pushed a silent Mac update to remove hidden Zoom web server
Google pushes emergency Chrome update to fix 8th zero-day in 2022
Google pushes emergency Chrome update to fix 8th zero-day in 2022
Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.
#bleepingcomputer#Google#Google-Chrome#Vulnerability#Web-Browser#Zero-Day#patch#CVE-2022-3723#CVE-2022-3075#CVE-2022-2856#CVE-2022-2294#CVE-2022-1364#CVE-2022-1096#CVE-2022-0609
·bleepingcomputer.com·
Google pushes emergency Chrome update to fix 8th zero-day in 2022
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
#Microsoft#EN#2022#CVE-2022-37972#Endpoint-Configuration-Manager#patch#vulnerability
·securityweek.com·
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]
#techcrunch#2019#macos#Zoom#privacy#apple#EN#patch#silent#update#hidden#CVE-2019–13449
·techcrunch.com·
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]
#techcrunch#2019#macos#Zoom#privacy#apple#EN#patch#silent#update#hidden#CVE-2019–13449
·techcrunch.com·
Apple has pushed a silent Mac update to remove hidden Zoom web server