Sansec says it has observed more probes in November against the now-patched zero-day flaw (CVE-2022-24086) than the rest of the year combined. Seven threat groups affiliated with the Magecart cybercrime syndicate have…
Category: Vulnerabilities
7 vulnerabilities that federal agencies MUST address by Nov 29
Four of the vulnerabilities are Windows zero-day bugs that Microsoft disclosed in its November security update; three affect Samsung mobile devices. The US Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive…
NSA recommends organizations make strategic shift to memory-safe languages
Programming languages such as C and C++ rely too heavily on the programmer not making memory-related mistakes, agency says [300 words]. What: NSA says organizations should consider making a strategic shift from…
Citrix discloses critical authentication bypass flaw; two other vulnerabilities
Organizations should update as soon as possible. If past is precedent, new CVE-2022-27510 flaw could be heavily targeted [286 words]. What: A critical authentication bypass vulnerability (CVE-2022-27510) is present in multiple versions…
Here’s what you need to know of the 4 zero-days in Microsoft’s Nov. update
Microsoft issued patches for of 62 vulnerabilities, nine of which are “Critical” severity and 53 “Important”. Four of the vulnerabilities in Microsoft November 2022 security update are zero-day flaws that are being…
VMware patches critical authorization bypass vulnerability in Spring Security
A critical authorization rules bypass vulnerability exists in Spring Security versions 5.7.0 to 5.7.4 and versions 5.6.0 to 5.6.8. The vulnerability gives attackers a way to potentially bypass an API gateway and…
5 things to know about the bugs patched in OpenSSL version 3.0.7
The first: This isn’t Heartbleed redux [298 words]. What bugs were fixed: OpenSSL version 3.0.7 fixes two “high” severity vulnerabilities in OpenSSL versions 3.0.0 to 3.0.6. The vulnerabilities are CVE-2022-3786 an X.509…
Five useful lists and tools for identifying resources with vulnerable OpenSSL in them
The OpenSSL project team will release a new version of the OpenSSL library (version 3.0.7) on Tuesday to address a critical vulnerability in version 3.0 to 3.6 of the widely used open…
ConnectWise patches critical flaw in its Recover and R1Soft Server Backup Manager technology
Vulnerability gives attackers a way to target thousands of MSPs and their downstream customers. Company urges customers to treat issue as a top priority [298 words]. What: ConnectWise has patched a critical,…
Four quick things to know about the critical bug in OpenSSL that will be disclosed Nov.1
The OpenSSL project team will release a new version of the OpenSSL library (version 3.0.7) on Tuesday to address a critical vulnerability in version 3.0 to 3.6 of the widely used open…