Vulnerabilities

Microsoft Patch Tuesday security updates for November 2023 addressed 63 new vulnerabilities in Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; ASP.NET and .NET Framework; Azure; Mariner; Microsoft Edge (Chromium-based), Visual Studio, and Windows Hyper-V. The IT giant has addressed vulnerabilities with different severity ratings. Three are …

Hackers attacked Denmark’s critical infrastructure by compromising 22 energy organizations. This information was revealed by SektorCERT, a non-profit cybersecurity center for critical sectors. In May 2023, hackers attacked Danish critical infrastructure and compromised several organizations in just a few days. This was the biggest attack of its kind in Denmark …

Juniper Networks, a manufacturer of networking equipment, has released patches for over 30 vulnerabilities in Junos OS and Junos OS Evolved. These patches include fixes for nine high-severity vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to …

WhatsApp introduces a privacy feature called “Protect IP Address in Calls.” This feature masks users’ IP addresses by relaying the calls through its servers. WhatsApp stated that calls are end-to-end encrypted, meaning that even if a call goes through their servers, they cannot listen to the calls. The main idea …

Trend Micro’s Zero Day Initiative (ZDI) Thursday (02.11.23) published four zero days vulnerabilities of Microsoft Exchange which can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. Bleeping Computer reported, these vulnerabilities were reported to Microsoft on September 7th and 8th, 2023. Microsoft acknowledges the reports …

Three unpatched security flaws in the NGINX Ingress controller for Kubernetes have been revealed. These flaws have a high severity level and could be used by a malicious actor to steal secret credentials from the cluster. The vulnerabilities are as follows: CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can …

F5 warned customers about a serious security flaw in BIG-IP that may lead to unauthorized remote code execution. An issue has been identified in the configuration utility component. It is assigned the CVE identifier CVE-2023-46747 and has a CVSS score of 9.8 out of 10. F5 has stated that an …

The Cyber Threat Intelligence team of BGD e-GOV CIRT has issued a warning about ongoing attacks using two zero-day vulnerabilities in Cisco’s IOS XE Software web UI feature. Successful exploitation attempts have been observed against organizations in Bangladesh. This advisory is intended for IT teams responsible for configuring and managing …

Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. VMware Aria Operations for Logs contains an authentication bypass vulnerability VMware has evaluated the severity of this issue to be in the Important Severity Range with a maximum CVSSv3 base score of 8.1. An unauthenticated, malicious actor …

Cisco plans to release a patch for two zero-day flaws in its IOS XE devices on October 22. The first Cisco zero-day bug, which is named CVE-2023-20198, was reported on Oct. 16. By the time it was found, it had already been used by attackers to compromise over 10,000 Cisco …