Day: October 11, 2022

Enterprise Vulnerabilities

Here are the highlights of Microsoft’s October 2022 Security Update

Microsoft released fixes for a total of 84 CVEs across its products [300 words]. One of the vulnerabilities that Microsoft patched today is a zero-day that is being actively exploited: Windows COM+ Event System Service Elevation of Privilege Vulnerability (CVE-2022-41033):  An attacker could gain system level privileges. Two other recently disclosed zero-days (CVE-2022-41040 and CVE-2022-41082) […]

Read More
Breaches Enterprise Vulnerabilities

Update: Attackers actively exploiting recently disclosed authentication bypass vulnerability in FortiOS, FortiProxy and FortiSwitchManager

Key takeaway:  Adversaries can exploit the vulnerability remotely to gain full control of affected systems [297 words]. What: Attackers have begun actively exploiting a critical authentication bypass vulnerability (CVE-2022-40684) that Fortinet privately disclosed last week in its FortiOS, FortiProxy and FortiSwitchManager technologies.  The vulnerability allows a remote, unauthenticated attacker to gain full administrative control of […]

Read More

Critical vulnerability puts vm2 JavaScript sandbox environments at risk of remote code execution attack

Key takeaway: “Although sandboxes are meant to run untrusted code within your application, you shouldn’t automatically assume that they are safe.”—Oxeye [260 words] What: Organizations using JavaScript sandbox vm2 should immediately update to version 3.9.11 of vm2. Why: A critical vulnerability (CVE-2022-36067) exists in all previous versions of vm2 that gives remote attackers a way […]

Read More