Vulnerabilities

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Three of these vulnerabilities have been identified as actively exploited in targeted attacks. One vulnerability, tracked as CVE-2023-26083, is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and …

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by …

A new tool is available on GitHub that gives attackers a way to leverage a recently disclosed vulnerability in Microsoft Teams and automatically deliver malicious files to targeted Teams users in an organization. The tool, dubbed “TeamsPhisher,” works in environments where an organization allows communications between its internal Teams users …

Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem. The vulnerability is a remote code execution with a severity score of 9.8 out of 10 resulting from a heap-based buffer overflow problem in FortiOS, …

MITRE, a non-profit organization that provides research and development in the areas of cybersecurity and information assurance, has released its list of the top 25 most dangerous software weaknesses. The list is based on data from the Common Vulnerabilities and Exposures (CVE) database, which is a repository of known security …

IBM QRadar is a popular SIEM (Security Incident and Event Management) tool that organizations use to detect and monitor threats. It can be used in the form of a physical appliance, a software-only solution, or a virtual appliance. As of 2023, over 1,130 companies worldwide use IBM QRadar as part …

Cisco AsyncOS Software, used by Cisco Secure Email and Web Manager, Cisco Secure Email Gateway (previously Cisco Email Security Appliance; ESA), and Cisco Secure Web Appliance (WSA), has multiple flaws in its web-based management interface. The vulnerabilities could allow a remote attacker to launch cross-site scripting (XSS) attack against a …

Fortinet has released patches to address a critical vulnerability in its FortiNAC network access control solution. The vulnerability, tracked as CVE-2023-33299, is a deserialization of untrusted data issue that could allow an unauthenticated attacker to execute unauthorized code or commands on affected devices. The vulnerability impacts FortiNAC versions up to …

Google has released a security update for Chrome that patches four high-severity vulnerabilities. The update is available for Mac, Linux, and Windows, and it will be rolled out over the next few days/weeks. The vulnerabilities were discovered by three outside researchers, and they could have been exploited by attackers to …

Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits. The warning comes after Kaspersky published a report detailing a Triangulation malware component used in a campaign it tracks as “Operation Triangulation.” Kaspersky says it found …