MITRE, a non-profit organization that provides research and development in the areas of cybersecurity and information assurance, has released its list of the top 25 most dangerous software weaknesses. The list is based on data from the Common Vulnerabilities and Exposures (CVE) database, which is a repository of known security …
Read More »
IBM QRadar is a popular SIEM (Security Incident and Event Management) tool that organizations use to detect and monitor threats. It can be used in the form of a physical appliance, a software-only solution, or a virtual appliance. As of 2023, over 1,130 companies worldwide use IBM QRadar as part …
Read More »
Cisco AsyncOS Software, used by Cisco Secure Email and Web Manager, Cisco Secure Email Gateway (previously Cisco Email Security Appliance; ESA), and Cisco Secure Web Appliance (WSA), has multiple flaws in its web-based management interface. The vulnerabilities could allow a remote attacker to launch cross-site scripting (XSS) attack against a …
Read More »
Fortinet has released patches to address a critical vulnerability in its FortiNAC network access control solution. The vulnerability, tracked as CVE-2023-33299, is a deserialization of untrusted data issue that could allow an unauthenticated attacker to execute unauthorized code or commands on affected devices. The vulnerability impacts FortiNAC versions up to …
Read More »
Google has released a security update for Chrome that patches four high-severity vulnerabilities. The update is available for Mac, Linux, and Windows, and it will be rolled out over the next few days/weeks. The vulnerabilities were discovered by three outside researchers, and they could have been exploited by attackers to …
Read More »
Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits. The warning comes after Kaspersky published a report detailing a Triangulation malware component used in a campaign it tracks as “Operation Triangulation.” Kaspersky says it found …
Read More »
Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands. FortiNAC is a allows organizations to manage network-wide access policies, gain visibility of devices and users, and secure the network against unauthorized access and threats. …
Read More »
Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report. The supply chain vulnerability, also known as dependency repository …
Read More »
ASUS has released new firmware for several router models to address security vulnerabilities, including critical ones like CVE-2022-26376 and CVE-2018-1160, which can lead to denial-of-service attacks and code execution. The seven other flaws are as follows – CVE-2022-35401 (CVSS score: 8.1) – An authentication bypass vulnerability that could permit an attacker to send malicious HTTP requests …
Read More »
Mandiant, a prominent cybersecurity firm now part of google cloud, has uncovered the activities of UNC3886, a Chinese cyberespionage group that has been actively exploiting a zero-day vulnerability in VMware ESXi. This vulnerability allows the group to escalate privileges on guest virtual machines, gaining unauthorized access and control. The initial …
Read More »
InfoSecBulletin Cybersecurity for mankind