For the year ended Sept. 2022 employers listed close to 770K job openings for cybersecurity professionals. Security analysts, pen-testers were among top required skills. CyberSeek’s interactive map shows the states and metro…
Critical Remote Code Execution Vulnerability in Apache Commons Text
Is this the next Log4J? [297 words] What: The Apache Foundation appears to have quietly fixed a critical remote code execution (RCE) in Apache Common Text versions 1.5 through 1.9. The vulnerability…
Zscaler releases technical details—and PoC—for now-patched Windows 0-day
Microsoft has rated the previously exploited CVE-2022-37969 as being of high-severity, so now might be a good time to patch (264 words). What: New technical details and proof-of-concept code have become available…
More than 29K+ Fortinet systems in US have admin login screen exposed to the Internet—and two other updates on CVE-2022-40684
Here’s the latest on the authentication bypass flaw (CVE-2022-40684) in FortiOS, FortiProxy, and FortiSwitchManager [300 words] As of October 13, 2022, there were 24,924 servers in the US and 196,668 units globally,…
Siemens patches vulnerability that allows attackers to irreparably compromise entire SIMATIC S7-1200/1500 PLC product lines
Update to new versions of the vulnerable PLC and engineering workstation or implement the workarounds [300 words]. What: A critical vulnerability (CVE-2022-38465 ) exists within Siemens SIMATIC S7-1200, S7-1500 programmable logic controllers (PLCs)…
Multiple APTs Exploiting Zimbra Vulnerability CVE-2022-41352
Patch or mitigate now [300 words] What: Organizations using Zimbra Collaboration suite (ZCS) 8.8.15 and 9.0 should immediately update to Zimbra 9.0.0 P27 released on October 10. Those that cannot should implement…
Microsoft looking into reports of a third Exchange Server zero-day?
Security vendor that discovered bug recommends organizations limit IIS app operating privileges on Exchange Server [297 words] What: Microsoft apparently is looking into a report it received from South Korean cybersecurity vendor…
Here are the highlights of Microsoft’s October 2022 Security Update
Microsoft released fixes for a total of 84 CVEs across its products [300 words]. One of the vulnerabilities that Microsoft patched today is a zero-day that is being actively exploited: Windows COM+…
Update: Attackers actively exploiting recently disclosed authentication bypass vulnerability in FortiOS, FortiProxy and FortiSwitchManager
Key takeaway: Adversaries can exploit the vulnerability remotely to gain full control of affected systems [297 words]. What: Attackers have begun actively exploiting a critical authentication bypass vulnerability (CVE-2022-40684) that Fortinet privately…
Critical vulnerability puts vm2 JavaScript sandbox environments at risk of remote code execution attack
Key takeaway: “Although sandboxes are meant to run untrusted code within your application, you shouldn’t automatically assume that they are safe.”—Oxeye [260 words] What: Organizations using JavaScript sandbox vm2 should immediately update…